[squid-users] Squid 3.5 Forward Secrecy on https_port

Marcus Kool marcus.kool at urlfilterdb.com
Wed Aug 12 21:10:19 UTC 2015

>> Does anyone see something missing in my https_port configuration that
>> is causing it to not use the ECDHE keys?
> I made some updates above, the dh.params file wasn't being found, changed that line to use full path, and its now use DHE ciphers, but not ECDHE ciphers.

ECDHE is not considered safe by a group of cryptologists since the EC implementation is based on secret parameters that only the author of the algorithm has.
See also http://safecurves.cr.yp.to/rigid.html


More information about the squid-users mailing list