Search squid archive

Re: ERROR: Unsupported TLS option SINGLE_ECDH_USE

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2024-07-05 11:35, Jonathan Lee wrote:

tls_outgoing_options options=NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE

ERROR: Unsupported TLS option SINGLE_ECDH_USE

Your OpenSSL version defines SSL_OP_SINGLE_ECDH_USE name but otherwise ignores SSL_OP_SINGLE_ECDH_USE. OpenSSL behavior that was triggered by using this option in old OpenSSL releases is now default behavior, so using this option is no longer needed to trigger single-DH key use[1].

Adding SINGLE_ECDH_USE to your configuration achieves/changes nothing (with modern OpenSSL versions) as far as traffic on the wire is concerned. AFAICT, you should not use that option in squid.conf.

HTH,

Alex.

[1]: https://wiki.openssl.org/index.php/List_of_SSL_OP_Flags#SSL_OP_SINGLE_DH_USE

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux