[squid-users] FYI: Squid-3.5 Ephemeral Elliptic Curve Diffie-Hellman (EECDH) key exchange

Amos Jeffries squid3 at treenet.co.nz
Tue Dec 22 08:25:05 UTC 2015


Since the lack of this is a security hole in Squid-3.5, is already
causing trouble for people unable to use the old Diffie-Hellman exchange
or to upgrade to Squid-4, and the patch is rather small with full
backward compatibility, I have decided to break with the usual policy of
no squid.conf alterations after a version goes stable for production use.

The squid.conf settings necessary to configure EECDH ciphers in TLS have
just been applied to the Squid-3.5 branch and will be part of the next
release.

If anyone has been wishing for this and is able to assist with testing,
please feel free to try out the r13967 (or later) snapshots when they
become available in a few hours.

Amos

