[squid-users] https interception problem with Squid 5
ns at fabbricapolitica.com
ns at fabbricapolitica.com
Mon Feb 14 09:16:25 UTC 2022
Good morning,
I have been using Squid as an http caching proxy for a long time.
It's the second time I configured Squid for https caching and
interception/inspection.
The first time everything was fine
The second...not so much.
I use the ssl_bump feature.
With Squid 4.13 and Openssl v 1.1.1k-1 all works well without errors or
warnings.
With Squid v. 5.2.1 and Openssl v. 3.0.1, I got one error and one
warning.
I tried to use the same squid.conf for Squid 4 and Squid 5.
Here are the problems with Squid 5.
1) ERROR
I checked the configuration with the command "squid -k parse" and I got
this error: ERROR: Unable to configure Ephemeral ECDH:
error:0480006C:PEM routines::no start line
If I remove the curve name from tls-dh in the config file, the error
disappears.
First question: Which is the problem? How can I do to keep the curve
name (prime256v1)
2) WARNING
I checked the configuration with the command "squid -k parse" and I got
this warning: WARNING: Failed to decode DH parameters
'/var/lib/squid/ssl_cert/squid-self-signed_dhparam.pem'
I generated the file for the Diffie-Hellman algorithm with this command
(it worked with Squid4): openssl dhparam -outform PEM -out
squid-self-signed_dhparam.pem 2048
Second question: Have you an idea on how to fix this?
Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20220214/0063edd6/attachment.htm>
More information about the squid-users
mailing list