[squid-users] SSL errors with Squid 3.5.27
Julian Perconti
vh1988 at yahoo.com.ar
Sat Jun 9 15:46:06 UTC 2018
>> https_port 3130 intercept ssl-bump \
>> cert=/etc/squid/ssl_cert/squidCA.pem \
>> key=/etc/squid/ssl_cert/squidCA.pem \
>> generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
>> tls-dh=/etc/squid/ssl_cert/dhparam.pem
>
>These DH parameters are for old DH not for ECDHE (missing curve name).
>So this may be restricting what your Squid can do to match up the client and server crypto requirements.
Hi Amos,
I have commented the line: "tls-dh=/etc/squid/ssl_cert/dhparam.pem"
And, it seems that many errors (SSL errors) in cache.log have disappeared.
I will confirm later if WhatsApp works from iOS/Android.
Thank You!
PS: I used this option (tls-dh, dhparam, etc..) following the official documentation of squid-cache.org for the "hardening" ... or "improve security", etc.
More information about the squid-users
mailing list