[squid-users] any way to get squid-4 compiled on CentOS-6?

Amos Jeffries squid3 at treenet.co.nz
Wed Feb 24 00:17:42 UTC 2016


On 24/02/2016 12:24 p.m., Dan Charlesworth wrote:
> Thanks Amos, good to know. I didn’t see your original reply for some reason; sorry about that.
> 
> I thought I had read that these sort of errors could be avoided in Squid-4:
> Error negotiating SSL connection on FD 66: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher (1/-1)
> 
> But now I can’t even find a source for that … I need to spend some quality time with Google I think.
> 

The Squid-3.5.13 release may help you with that one...


That particular error is a direct result of the client TLS/SSL ciphers
not overlapping with the Squid openssl library ciphers (or configured
sub-set).

If you are being strict and disabling everything that is being declared
as outdated/dangerous in TLS nowadays you can find yourself with the
very small set of just AES_GCM, and ECDH(E) ciphers being acceptable.

Last year's 3.5 did not have ECDH(E) support, and not very many clients
have AES_GCM yet. So - ouch.


Today there is no difference in supported ciphers between Squid-3.5 and
Squid-4, given the same library.

Amos
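
Added example, not part of the original post and not Squid code: a small check that expands a server cipher string and a client's offered list with the local OpenSSL library and reports whether they overlap, which is the condition behind "no shared cipher". Python's ssl module stands in for the OpenSSL library the proxy is linked against; the cipher strings below are constructed samples.

```python
import ssl

# Constructed samples: a strict server policy limited to ECDHE with AES-GCM,
# an older client offering only RSA key exchange with AES-CBC, and a newer
# client that also offers one ECDHE AES-GCM suite.
STRICT_SERVER = "ECDHE+AESGCM"
LEGACY_CLIENT = "AES128-SHA:AES256-SHA"
MODERN_CLIENT = "ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA"


def expand(cipher_string):
    """Expand an OpenSSL cipher string into TLS <= 1.2 suite names, in order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []  # nothing in the string is supported by this library build
    # TLS 1.3 suites are configured separately and are always listed; skip them.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def shared_ciphers(server_string, client_string):
    """Suites both sides accept, in the client's order of preference."""
    server = set(expand(server_string))
    return [name for name in expand(client_string) if name in server]


def diagnose(server_string, client_string):
    """Predict the outcome of cipher selection for a TLS <= 1.2 handshake.

    Only the cipher lists are compared; whether the server certificate's key
    type (RSA or ECDSA) suits the chosen suite is not checked here.
    """
    shared = shared_ciphers(server_string, client_string)
    if shared:
        return "handshake can select " + shared[0]
    return "no shared cipher"


if __name__ == "__main__":
    for label, client in (("legacy", LEGACY_CLIENT), ("modern", MODERN_CLIENT)):
        print(label, "client:", diagnose(STRICT_SERVER, client))
```

Run against the cipher string actually configured on the proxy and the list a failing client sends in its ClientHello to see whether relaxing the policy or upgrading the library is the fix.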


