[squid-users] Transition from squid3.5 to squid4; ciphers don't work anymore, ERROR: Unknown TLS option SINGLE_DH_USE

Amos Jeffries squid3 at treenet.co.nz
Sat Feb 17 14:39:40 UTC 2018


On 18/02/18 03:10, Amos Jeffries wrote:
> 
> On 18/02/18 02:39, chiasa.men wrote:
>>
>> I could solve the "no ciphers available" by appending
>> "TLS13-AES-256-GCM-SHA384" to the ciphers.
>>
>> But the log shows the use of "ECDHE-ECDSA-AES256-GCM-SHA384"
>>
>> Why is that cipher relevant if it's not used?
>>
> 
> The squid.conf cipher= are just strings passed to the OpenSSL library to
> interpret.
> 
> It is probable that "TLS13-AES-256-GCM-SHA384" is what your new library
> calls "ECDHE-ECDSA-AES256-GCM-SHA384".
> 

This seems to confirm the change:

<https://www.openssl.org/blog/blog/2017/05/04/tlsv1.3/>

"The new ciphersuites are defined differently and do not specify the
certificate type (e.g. RSA, DSA, ECDSA) or the key exchange mechanism
(e.g. DHE or ECDHE). This has implications for ciphersuite configuration."


Amos
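
An added example, not part of the original message or of Squid: Python's ssl module also hands a cipher string to OpenSSL, so it can show which suites the library enables for a given string and which protocol each belongs to. It assumes Python linked against OpenSSL 1.1.1 or later; the function names and the "NO-SUCH-CIPHER" input are constructed for illustration.

```python
import ssl


def expand(cipher_string):
    """Ask OpenSSL which suites a cipher string enables.

    Returns a list of (name, protocol, key_exchange, auth) tuples, or None
    when OpenSSL rejects the string because nothing in it matches.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        # The string is interpreted by OpenSSL, not by Python.
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return None
    return [(c["name"], c["protocol"], c.get("kea"), c.get("auth"))
            for c in ctx.get_ciphers()]


def split_by_protocol(suites):
    """Separate TLS 1.3 suites from TLS 1.2-and-earlier suites."""
    tls13 = [s for s in suites if s[1] == "TLSv1.3"]
    older = [s for s in suites if s[1] != "TLSv1.3"]
    return tls13, older


if __name__ == "__main__":
    # Constructed inputs: one name from the thread, one deliberately bogus.
    for text in ("ECDHE-ECDSA-AES256-GCM-SHA384", "NO-SUCH-CIPHER"):
        suites = expand(text)
        print(f"cipher string: {text}")
        if suites is None:
            print("  rejected: no cipher could be selected")
            continue
        tls13, older = split_by_protocol(suites)
        for label, group in (("TLSv1.3", tls13), ("TLSv1.2 and earlier", older)):
            print(f"  {label}:")
            for name, proto, kea, auth in group:
                print(f"    {name:32} kx={kea} auth={auth}")
```

The TLS 1.3 entries in the output are listed whatever the string contains, because Python's `set_ciphers()` does not control TLS 1.3 suites.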

