[squid-users] Squid Proxy SSL Bump can not retrieve SSL session back to the client?
Amos Jeffries
squid3 at treenet.co.nz
Thu Dec 12 09:42:55 UTC 2019
On 12/12/19 11:38 am, GeorgeShen wrote:
>
> did a 'openssl dhparam -out dhparams.pem 4096' to generate the dhparams.pem
> file, and added those into the squid.conf:
>
> http_port 3129 ssl-bump cert=/usr/local/squid/etc/ssl_cert/myCA.pem
> generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
> *options=SINGLE_DH_USE:SINGLE_ECDH_USE
> tls-dh=/usr/local/squid/etc/dhparams.pem*
>
> when the client software include the ciphersuites of the above mentioned,
> still fail the TLS negotiation. Do I configured this incorrectly?
What you have so far enables the DH ciphers and algorithms, but not yet
the curve parts. For that you need to add the curve name to tls-dh option.
Amos
More information about the squid-users
mailing list