[squid-users] dh key too small
Marek Greško
mgresko8 at gmail.com
Mon Feb 15 18:56:17 UTC 2021
Hello,
I am struggling with "ERROR: negotiating TLS on FD 53:
error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small
(1/-1/0)" error when ssl bumping.
I cannot find out where the problem liesand why is the key too small.
I regenerated my dhparams with openssl dhparam -outform PEM -out
dhparam.pem 4096.
http_port 3128 ssl-bump \
generate-host-certificates=on \
dynamic_cert_mem_cache_size=4MB \
cert=/**********************/bump-ca.crt \
key=/**********************/bump-ca.key \
tls-dh=/etc/squid/dhparam.pem
ssl_bump peek step1
ssl_bump bump bumped_group !bank_dom
ssl_bump splice all
I use recent Fedora 33 packages.
I observe the issue when connecting to https://www.p-mat.sk as a bumped user.
Thanks for any help.
Marek
More information about the squid-users
mailing list