[squid-users] ECDH not working with Squid 4. ERROR: Unable to set Ephemeral ECDH: error:00000000:lib(0):func(0):reason(0)

Amos Jeffries squid3 at treenet.co.nz
Mon Dec 21 22:04:54 UTC 2015


On 22/12/2015 3:07 a.m., tylerd wrote:
> Hello, 
> I'm having a hard time trying to use ECDH support in Squid and I tried a few 
> different releases since v. 4 is out. Squid version:
> 
> Squid Cache: Version 4.0.3-20151216-r14446
> Service Name: squid
> configure options:  '--with-openssl' '--enable-basic-auth-helpers=squid_radius_auth' 
> '--enable-auth' --enable-ltdl-convenience

The above is equivalent to just "./configure --with-openssl"

Because "--enable-auth" is enabled by default and
"--enable-basic-auth-helpers" does not exist. Even if it did there is no
"basic_squid_radius_auth_auth" helper.

The configuration you seem to be trying to achieve is:
 ./configure --with-openssl --enable-auth-basic=RADIUS

Which will build the Squid-3.2+ helper called "basic_radius_auth".


> OpenSSL is 1.0.1q
> Relevant https_port settings line in my squid.conf:
> https_port 443 cert=/root/ssl/squid.crt key=/root/ssl/squid.key 
> tls-cafile=/root/ssl/ca.crt 
> cipher=ECDH+AESGCM:DH+AESGCM:ECDH+AES:DH+AES:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS 
> tls-dh=secp384r1:/usr/local/squid/etc/dhparam.pem
> When I try to run it, I get the following error:
> 2015/12/21 09:01:05| ERROR: Unable to set Ephemeral ECDH: error:00000000:lib(0):func(0):reason(0)


> 
> Is there anybody running it successfully with ECDH support willing to share 
> some insights and a config sample? Thanks in advance. 
> 

That was a regression in the latest betas. I have now resolved it.

FYI: It was just incorrect logging, the ECDH ciphers should have been
operating properly despite the message. If you find that ECDH is not
working that is a separate issue.

Thanks
Amos
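
Since the reply says the message was only a logging error, one way to check what the posted settings actually select is to expand them offline. The following is an added example, not part of the original message or of Squid: it parses the https_port line quoted above, splits tls-dh into its curve and file parts, and groups the cipher string's TLS 1.2-and-earlier suites by key exchange. The function names are hypothetical, and the expansion uses the OpenSSL that the local Python links against, which may differ from the OpenSSL 1.0.1q Squid was built with.

```python
import shlex
import ssl

# https_port directive as posted in the thread, with mail line-wrapping removed.
HTTPS_PORT = (
    "https_port 443 cert=/root/ssl/squid.crt key=/root/ssl/squid.key "
    "tls-cafile=/root/ssl/ca.crt "
    "cipher=ECDH+AESGCM:DH+AESGCM:ECDH+AES:DH+AES:DH+AES:RSA+AESGCM:RSA+AES"
    ":!aNULL:!MD5:!DSS "
    "tls-dh=secp384r1:/usr/local/squid/etc/dhparam.pem"
)


def parse_https_port(line):
    """Return (listen address, {option: value}) for an https_port directive."""
    tokens = shlex.split(line)
    if len(tokens) < 2 or tokens[0] != "https_port":
        raise ValueError("not an https_port directive")
    opts = {}
    for tok in tokens[2:]:
        key, _, value = tok.partition("=")
        opts[key] = value
    return tokens[1], opts


def split_tls_dh(value):
    """tls-dh is [curve:]file; return (curve or None, DH parameters file)."""
    curve, sep, path = value.partition(":")
    return (curve, path) if sep else (None, value)


def classify_ciphers(cipher_string):
    """Expand a cipher string with the local OpenSSL and group by key exchange."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    groups = {"ECDHE": [], "DHE": [], "other": []}
    for suite in ctx.get_ciphers():
        name = suite["name"]
        if name.startswith("TLS_"):
            continue  # TLS 1.3 suites are not selected by this string
        kx = name.split("-", 1)[0]
        groups[kx if kx in ("ECDHE", "DHE") else "other"].append(name)
    return groups


if __name__ == "__main__":
    port, opts = parse_https_port(HTTPS_PORT)
    print("port", port, "tls-dh", split_tls_dh(opts["tls-dh"]))
    for kx, names in classify_ciphers(opts["cipher"]).items():
        print(f"{kx}: {len(names)} suites", *names[:3])
```

An empty ECDHE group would mean the cipher string itself excludes ephemeral ECDH, independent of the tls-dh setting or the logged error.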


