[squid-users] any way to get squid-4 compiled on CentOS-6?
Dan Charlesworth
dan at getbusi.com
Wed Feb 24 00:25:55 UTC 2016
That’s the version I’m on actually (RPM compiled by me):
squid-3.5.13-1.el6.x86_64
openssl-1.0.1e-42.el6_7.2.x86_64
I’m not setting sslproxy_cipher in my config, so I guess that’s not it. Is my openssl library the problem perhaps?
> On 24 Feb 2016, at 11:17 AM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
>
> On 24/02/2016 12:24 p.m., Dan Charlesworth wrote:
>> Thanks Amos, good to know. I didn’t see your original reply for some reason; sorry about that.
>>
>> I thought I had read that these sort of errors could be avoided in Squid-4:
>> Error negotiating SSL connection on FD 66: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher (1/-1)
>>
>> But now I can’t even find a source for that … I need to spend some quality time with Google I think.
>>
>
> The Squid-3.5.13 release may help you with that one...
>
>
> That particular error is a direct result of the client TLS/SSL ciphers
> not overlapping with the Squid openssl library ciphers (or configured
> sub-set).
>
> If you are being strict and disabling everything that is being declared
> as outdated/dangerous in TLS nowadays you can find yourself with the
> very small set of just AES_GCM, and ECDH(E) ciphers being acceptable.
>
> Last year's 3.5 did not have ECDH(E) support, and not very many clients
> have AES_GCM yet. So - ouch.
>
>
> Today there is no difference in supported ciphers between Squid-3.5 and
> Squid-4, given the same library.
>
> Amos
>
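The cipher overlap described in the quoted reply, as an added example that is not part of the original thread and is not Squid or OpenSSL code. It assumes a constructed ClientHello body, a small constructed table of IANA cipher suite code points, and a strict policy that accepts a suite if it uses AES-GCM or ECDHE; all function names are hypothetical.

```python
import struct

# Constructed subset of IANA TLS cipher suite code points (TLS 1.2 and earlier).
SUITES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}

def offered_suites(hello: bytes) -> list:
    """Extract cipher suite IDs from a ClientHello body (handshake header stripped)."""
    pos = 2 + 32                      # client_version + random
    if len(hello) < pos + 1:
        raise ValueError("truncated ClientHello")
    pos += 1 + hello[pos]             # session_id length byte + session_id
    if len(hello) < pos + 2:
        raise ValueError("truncated ClientHello")
    (n,) = struct.unpack_from("!H", hello, pos)
    pos += 2
    if n % 2 or len(hello) < pos + n:
        raise ValueError("bad cipher_suites length")
    return list(struct.unpack_from("!%dH" % (n // 2), hello, pos))

def server_suites(library_has_ecdhe: bool) -> list:
    """Strict policy (assumption): keep only AES-GCM or ECDHE suites the library can do."""
    keep = []
    for code, name in sorted(SUITES.items(), reverse=True):   # ECDHE (0xC0xx) preferred
        if "ECDHE" in name and not library_has_ecdhe:
            continue
        if "GCM" in name or "ECDHE" in name:
            keep.append(code)
    return keep

def negotiate(client: list, server: list):
    """Return the first server-preferred suite the client offered, or None (no shared cipher)."""
    return next((SUITES[c] for c in server if c in client), None)

def make_hello(suites: list) -> bytes:
    """Build a constructed TLS 1.0 ClientHello body with an empty session_id."""
    return (b"\x03\x01" + bytes(32) + b"\x00" + struct.pack("!H", 2 * len(suites))
            + struct.pack("!%dH" % len(suites), *suites) + b"\x01\x00")

# Constructed client without AES-GCM: ECDHE-CBC, RSA-CBC and 3DES only.
OLD_CLIENT = make_hello([0xC014, 0xC013, 0x0035, 0x002F, 0x000A])
```

With `server_suites(False)` the constructed client shares nothing with the server and `negotiate` returns `None`, which is the condition behind the "no shared cipher" log line; with `server_suites(True)` the same client lands on an ECDHE suite.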