[squid-users] Squid as reverse proxy with EC private key

Johannes Engel jcnengel at gmail.com
Mon Sep 21 14:09:37 UTC 2015


Dear all,

I would like to run squid 3.5.8 as a reverse proxy for our webserver. I
already have a certificate which is currently in use by the Apache
Webserver 2.4 itself. It is based upon an EC (elliptic curve) private key
of length 384.
Until now I have not managed to fire up squid by specifying https_port
with private key and certificate. It will run, but all connection attempts
(e.g. using openssl s_client or gnutls-cli) will break down with the
following server-side error:

Error negotiating SSL connection on FD 14: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher (1/-1)

The https_port line looks like this:
https_port 443 accel cert=/etc/squid/test.pem key=/etc/squid/test.key cafile=/etc/squid/globalsign.pem dhparams=/etc/squid/dhparams.pem defaultsite=my.web.site

Does Squid simply not support elliptic curves for primary keys? OpenSSL
1.0.1k is installed which works fine with the Apache...

Thank you very much for your help.

Best regards,
Johannes