[squid-users] ECDSA and SSL bump

Yuri yvoinov at gmail.com
Sun Jun 19 09:55:08 UTC 2016


I agree with the diagnosis. However, this manual does not contain 
complete answer to the question - as, indeed, add that flag in a 
certificate?

Write a program on C? I do not see the command line options or 
configuration settings, something related to the ECDSA.

19.06.2016 15:18, Amos Jeffries пишет:
> On 19/06/2016 12:42 a.m., Yuri Voinov wrote:
>> Good weekend to all.
>>
>> Gentlemen, somebody played with ECDSA-certificates and SSL bump with SQUID?
>>
>> I have when trying to use ECDSA self-signed CA to bump, Squid (version
>> no matter) gives an error SSLv3 (for unknown reasons) and can not
>> establish a secure connection. With CIPHER/PROTOCOL negotiation error in
>> browser. Yea, latest Chrome.
>>
>> Does this mean that Squid is not support ECDSA?
>>
> It means your certificate was not created with the flags indicating
> which Curve it is to be used with.
>   <https://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography#Named_Curves>
>
> I can't find any evidence of the flag being set on generated
> certificates. So that may also be adding to the problem.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users



More information about the squid-users mailing list