[squid-users] SSL-bump and Ciphersuite?
Amos Jeffries
squid3 at treenet.co.nz
Mon Jan 11 16:02:47 UTC 2016
On 11/01/2016 11:51 p.m., Walter H. wrote:
>
> Ok, because the strange in connection with this:
>
> I had
>
> http_port 3128 ... dhparam=./dhparam.pem
>
> and before installing Kaspersky Anti-Virus there was not any error; but in
> connection with the SSL-Interception of Kaspersky Anti-Virus, I got an SSL
> error in Mozilla Firefox like "invalid server hello"
> removing dhparam=... from http_port resolves this "issue";
dhparam enables state necessary for Diffie-Hellman ciphers (DH/DHE/EDH)
to work. Without it they would be broken and not negotiated.
Amos
More information about the squid-users
mailing list