[squid-users] any way to get squid-4 compiled on CentOS-6?
Dan Charlesworth
dan at getbusi.com
Wed Feb 24 23:17:25 UTC 2016
Thanks for the hint.
I tried this, based on the docs here:
http://wiki.squid-cache.org/ConfigExamples/Intercept/SslBumpExplicit
… But it doesn’t seem to help. FYI trying to bump traffic from Instagram’s iOS app seems to trigger it pretty consistently.
> On 25 Feb 2016, at 9:24 AM, Amos Jeffries <squid3 at treenet.co.nz> wrote:
>
> On 24/02/2016 1:25 p.m., Dan Charlesworth wrote:
>> That’s the version I’m on actually (RPM compiled by me):
>>
>> squid-3.5.13-1.el6.x86_64
>> openssl-1.0.1e-42.el6_7.2.x86_64
>>
>> I’m not setting sslproxy_cipher in my config, so I guess that’s not it. My openssl library the problem perhaps?
>
> Perhapse. I expect that library is new enough not to have problems with
> anything.
>
> It could still be the same DH problem. For the DH and ECDH type ciphers
> you have to supply the Diffi-Helman parameters and/or Curve name or
> Squid will still not be able to use / negotiate them.
>
> You could try setting up the tls-dh= parameter and see if it solves the
> problem.
>
>
> Of course you might just be seeing malware attacks intentionally trying
> to force low-security ciphers and being rejected with that error logged.
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list