[squid-users] FYI: Squid-3.5 Ephemeral Elliptic Curve Diffie-Hellman (EECDH) key exchange
Yuri Voinov
yvoinov at gmail.com
Tue Dec 22 14:52:05 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Just built r13967. EC now visible in online SSL check. Will test more
tomorrow.
22.12.15 14:25, Amos Jeffries пишет:
> Since the lack of this is a security hole in Squid-3.5, is already
> causing trouble for people unable to use the old Diffi-Helman exchange
> or to upgrade to Squid-4, and the patch is rather small with full
> backward compatibility. I have decided to break with the usual policy of
> no squid.conf alterations after a version goes stable for production use.
>
> The squid.conf settings necessary to configure EECDH ciphers in TLS have
> just been applied to the Squid-3.5 branch and will be part of the next
> release.
>
> If anyone has been wishing for this and is able to assist with testing,
> please feel free to try out the r13967 (or later) snapshots when they
> become available in a few hours.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJWeWOUAAoJENNXIZxhPexG8gUH/R6zFlvsJ/MadYf3pM5+s6IR
tiSW9oTrVuNcNoTaL0dkaLXNACaa3+C0UyaF02jsd3/Ngj3cxa3TT6bVItIt6RYj
J26dRYXIht1pPtmDhM/I6QJhYdGUmcq+uXi+KQmCT7TLm5lRfUW29t6vhc+GMmYJ
MUdv2PRElmdPtaZwWDnKCi8+XZ9aC36c5ulNef0BW3MkNtvOa2Hz+V0p417nuMfS
Qws9DeXpwwdLWRqIfCVf5ZViuZJ+Dsg07WWpUSgAmMcnq2IANlEGcw8/gzPoJ8/i
Q/M7Nrrm9k5cxtGVUMrJHrn1smwJZjq6cG2Mj/d1akup9as8P6i2vbe5EkxAIlA=
=n2n3
-----END PGP SIGNATURE-----
More information about the squid-users
mailing list