[squid-users] SSL errors with Squid 3.5.27

Amos Jeffries squid3 at treenet.co.nz
Mon Jun 11 06:02:49 UTC 2018

On 10/06/18 20:42, Walter H. wrote:
> On 10.06.2018 08:49, Amos Jeffries wrote:
>> Interesting.
>> The main issue was that you configured only params for the Diffi-Helman
>> (DH and DHE) ciphers - no curve name. That meant your specified EEC*
>> ciphers were disabled since they require a curve name as well.
>> Removing this option completely disables both DH and ECDH cipher types.
>> Leaving your proxy with only the RSA based ciphers.
> can you please tell, how to configure this correct
> I mean how to specify the curve name ...
> and which curves are possible

The documentation covers that.


  File containing DH parameters for temporary/ephemeral DH key
  exchanges, optionally prefixed by a curve for ephemeral ECDH
  key exchanges.

  See OpenSSL documentation for details on how to create the
  DH parameter file. Supported curves for ECDH can be listed
  using the "openssl ecparam -list_curves" command.

  WARNING: EDH and EECDH ciphers will be silently disabled if
  this option is not set.

Curve names depend on library, so you have to check your own library for
them as described above.


More information about the squid-users mailing list