[squid-users] ECDSA and SSL bump

Amos Jeffries squid3 at treenet.co.nz
Sun Jun 19 09:18:36 UTC 2016


On 19/06/2016 12:42 a.m., Yuri Voinov wrote:
> 
> Good weekend to all.
> 
> Gentlemen, somebody played with ECDSA-certificates and SSL bump with SQUID?
> 
> I have when trying to use ECDSA self-signed CA to bump, Squid (version
> no matter) gives an error SSLv3 (for unknown reasons) and can not
> establish a secure connection. With CIPHER/PROTOCOL negotiation error in
> browser. Yea, latest Chrome.
> 
> Does this mean that Squid is not support ECDSA?
> 

It means your certificate was not created with the flags indicating
which Curve it is to be used with.
 <https://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography#Named_Curves>

I can't find any evidence of the flag being set on generated
certificates. So that may also be adding to the problem.

Amos


More information about the squid-users mailing list