[squid-users] SSL errors with Squid 3.5.27
squid3 at treenet.co.nz
Mon Jun 11 06:02:49 UTC 2018
On 10/06/18 20:42, Walter H. wrote:
> On 10.06.2018 08:49, Amos Jeffries wrote:
>> The main issue was that you configured only params for the Diffi-Helman
>> (DH and DHE) ciphers - no curve name. That meant your specified EEC*
>> ciphers were disabled since they require a curve name as well.
>> Removing this option completely disables both DH and ECDH cipher types.
>> Leaving your proxy with only the RSA based ciphers.
> can you please tell, how to configure this correct
> I mean how to specify the curve name ...
> and which curves are possible
The documentation covers that.
File containing DH parameters for temporary/ephemeral DH key
exchanges, optionally prefixed by a curve for ephemeral ECDH
See OpenSSL documentation for details on how to create the
DH parameter file. Supported curves for ECDH can be listed
using the "openssl ecparam -list_curves" command.
WARNING: EDH and EECDH ciphers will be silently disabled if
this option is not set.
Curve names depend on library, so you have to check your own library for
them as described above.
More information about the squid-users