[squid-users] Squid 3.5 Forward Secrecy on https_port

Marcus Kool marcus.kool at urlfilterdb.com
Wed Aug 12 21:10:19 UTC 2015


>> Does anyone see something missing in my https_port configuration that
>> is causing it to not use the ECDHE keys?
>
> I made some updates above; the dh.params file wasn't being found, changed that line to use the full path, and it's now using DHE ciphers, but not ECDHE ciphers.

FWIW:
ECDHE is not considered safe by a group of cryptologists since the EC implementation is based on secret parameters that only the author of the algorithm has.
See also http://safecurves.cr.yp.to/rigid.html

Marcus

