[squid-users] Squid 3.5 Forward Secrecy on https_port
Marcus Kool
marcus.kool at urlfilterdb.com
Wed Aug 12 21:10:19 UTC 2015
>> Does anyone see something missing in my https_port configuration that
>> is causing it to not use the ECDHE keys?
>
> I made some updates above, the dh.params file wasn't being found, changed that line to use full path, and its now use DHE ciphers, but not ECDHE ciphers.
FWIW:
ECDHE is not considered safe by a group of cryptologists since the EC implementation is based on secret parameters that only the author of the algorithm has.
See also http://safecurves.cr.yp.to/rigid.html
Marcus
More information about the squid-users
mailing list