[squid-users] ECDSA and SSL bump

Yuri Voinov yvoinov at gmail.com
Sun Jun 19 12:44:11 UTC 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
Cert generator is ok.

Bug 4497 still not gone. So, it is irrelevant ECDSA. Sad.


19.06.2016 15:18, Amos Jeffries пишет:
> On 19/06/2016 12:42 a.m., Yuri Voinov wrote:
>>
>> Good weekend to all.
>>
>> Gentlemen, somebody played with ECDSA-certificates and SSL bump with
SQUID?
>>
>> I have when trying to use ECDSA self-signed CA to bump, Squid (version
>> no matter) gives an error SSLv3 (for unknown reasons) and can not
>> establish a secure connection. With CIPHER/PROTOCOL negotiation error in
>> browser. Yea, latest Chrome.
>>
>> Does this mean that Squid is not support ECDSA?
>>
>
> It means your certificate was not created with the flags indicating
> which Curve it is to be used with.
> 
<https://wiki.openssl.org/index.php/Elliptic_Curve_Cryptography#Named_Curves>
>
> I can't find any evidence of the flag being set on generated
> certificates. So that may also be adding to the problem.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJXZpOaAAoJENNXIZxhPexGs3QIAKG1uufx/dOobMZjrpmA/9TT
KQTYCSFarH3P5i1tcVFZRc1HtdL/9bp30wWYJFqRTdqU5D6h608a64mgf6DHbtr0
E5JJVbNHvHPYlbK52+pue0K33sap58gL0R0ZCZUeAPOszh0UomMVNJDTCHUhV+F1
m2im44TZOzjwD9NQ+J3g6V5TbYZnv1nXw9EQCDPjgWpwJCPg01r7GbEsbT/A/ka6
WxtDgjw/p8wENzIE++BHC11G5iHt7/tEbzNJJ9HGV85/ly4VpZM4TvHkmnaNLAOq
A0gtZpWAuO9NtPNFkZBFbdaUyfLXUhc9+wvK0dtM5+iC4k0XXs+A8I9DyPgsp5Q=
=n9Au
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160619/18d559d8/attachment.key>


More information about the squid-users mailing list