[squid-users] ECDH not working with Squid 4. ERROR: Unable to set Ephemeral ECDH: error:00000000:lib(0):func(0):reason(0)
Amos Jeffries
squid3 at treenet.co.nz
Mon Dec 21 22:04:54 UTC 2015
On 22/12/2015 3:07 a.m., tylerd wrote:
> Hello,
> I'm having a hard time trying to use ECDH support in Squid and I tried a few
> different releases since v. 4 is out. Squid version:
>
> Squid Cache: Version 4.0.3-20151216-r14446
> Service Name: squid
> configure options: '--with-openssl' '--enable-basic-auth-helpers=squid_radius_auth'
> '--enable-auth' --enable-ltdl-convenience

The above is equivalent to just "./configure --with-openssl"

Because "--enable-auth" is enabled by default and
"--enable-basic-auth-helpers" does not exist. Even if it did there is no
"basic_squid_radius_auth_auth" helper.

The configuration you seem to be trying to achieve is:

  ./configure --with-openssl --enable-auth-basic=RADIUS

Which will build the Squid-3.2+ helper called "basic_radius_auth".

> OpenSSL is 1.0.1q
> Relevant https_port settings line in my squid.conf:
> https_port 443 cert=/root/ssl/squid.crt key=/root/ssl/squid.key
> tls-cafile=/root/ssl/ca.crt
> cipher=ECDH+AESGCM:DH+AESGCM:ECDH+AES:DH+AES:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
> tls-dh=secp384r1:/usr/local/squid/etc/dhparam.pem
> When I try to run it, I get the following error: 2015/12/21 09:01:05| ERROR:
> Unable to set Ephemeral ECDH: error:00000000:lib(0):func(0):reason(0)
>
> Is there anybody running it successfully with ECDH support willing to share
> some insights and a config sample? Thanks in advance.
>
That was a regression in the latest betas. I have now resolved it.
FYI: It was just incorrect logging, the ECDH ciphers should have been
operating properly despite the message. If you find that ECDH is not
working that is a separate issue.
Thanks
Amos
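
Added example (not part of the original message and not Squid's own code): a small cache.log triage helper that decodes the OpenSSL error string in a line and flags the all-zero code seen in this thread. Code 0 is what ERR_get_error() returns when its queue is empty, so such a line carries no underlying library error. The function names and the second sample line are constructed for illustration.

```python
import re

# Format written by OpenSSL's ERR_error_string():
#   error:<8 hex digits>:<lib>:<func>:<reason>
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)$")


def unpack(code):
    """Split a packed error code into (lib, func, reason).

    Bit layout of OpenSSL 1.0.x/1.1.x (the thread uses 1.0.1q);
    OpenSSL 3.x packs its error codes differently.
    """
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def triage(line):
    """Return the decoded OpenSSL error carried by one log line, or None."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    code = int(m.group(1), 16)
    lib, func, reason = unpack(code)
    return {
        "code": code, "lib": lib, "func": func, "reason": reason,
        "text": m.group(4).strip(),
        # ERR_get_error() returns 0 when no error is queued, so the
        # message was logged without an OpenSSL failure behind it.
        "empty_queue": code == 0,
    }


def spurious(lines):
    """Lines whose OpenSSL error string is the empty-queue value."""
    hits = []
    for line in lines:
        info = triage(line)
        if info is not None and info["empty_queue"]:
            hits.append(line)
    return hits


# Sample input: line 1 is the message quoted in this thread,
# line 2 is a constructed line carrying a real (non-zero) error code.
SAMPLE = [
    "2015/12/21 09:01:05| ERROR: Unable to set Ephemeral ECDH: "
    "error:00000000:lib(0):func(0):reason(0)",
    "2015/12/21 09:02:11| Error negotiating SSL connection on FD 12: "
    "error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number",
]
```

A line returned by spurious() says nothing about whether ECDH is actually negotiated; that still has to be checked against the running port.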