[squid-users] Squid Proxy SSL Bump can not retrieve SSL session back to the client?

Amos Jeffries squid3 at treenet.co.nz
Thu Dec 12 09:42:55 UTC 2019


On 12/12/19 11:38 am, GeorgeShen wrote:
> 
> did a 'openssl dhparam -out dhparams.pem 4096' to generate the dhparams.pem
> file, and added those into the squid.conf:
> 
> http_port 3129 ssl-bump cert=/usr/local/squid/etc/ssl_cert/myCA.pem
> generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
> *options=SINGLE_DH_USE:SINGLE_ECDH_USE
> tls-dh=/usr/local/squid/etc/dhparams.pem*
> 
> when the client software includes the ciphersuites mentioned above,
> it still fails the TLS negotiation. Did I configure this incorrectly?

What you have so far enables the DH ciphers and algorithms, but not yet
the curve parts. For that you need to add the curve name to the tls-dh option.



Amos
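
The change described in the reply above, applied to the http_port line from the quoted message. This is an added example, not part of the original thread; the curve name prime256v1 is an assumption chosen for illustration, and any curve supported by the OpenSSL build Squid is linked against can take its place.

```conf
# Before (as posted): tls-dh names only the DH parameter file, so DH key
# exchange is set up but no curve is configured for ephemeral ECDH.
# http_port 3129 ssl-bump cert=/usr/local/squid/etc/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB options=SINGLE_DH_USE:SINGLE_ECDH_USE tls-dh=/usr/local/squid/etc/dhparams.pem

# After: the curve name is prefixed to the file path, in the form
# tls-dh=curve:file. prime256v1 is an assumed choice, not from the thread.
http_port 3129 ssl-bump cert=/usr/local/squid/etc/ssl_cert/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB options=SINGLE_DH_USE:SINGLE_ECDH_USE tls-dh=prime256v1:/usr/local/squid/etc/dhparams.pem
```

Running `squid -k parse` checks the edited file for syntax errors before the proxy is reloaded.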

