[squid-users] ERROR: Unsupported TLS option SINGLE_ECDH_USE
Alex Rousskov
rousskov at measurement-factory.com
Fri Jul 5 17:52:43 UTC 2024
On 2024-07-05 11:35, Jonathan Lee wrote:
> tls_outgoing_options options=NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE
>
> ERROR: Unsupported TLS option SINGLE_ECDH_USE
Your OpenSSL version defines SSL_OP_SINGLE_ECDH_USE name but otherwise
ignores SSL_OP_SINGLE_ECDH_USE. OpenSSL behavior that was triggered by
using this option in old OpenSSL releases is now default behavior, so
using this option is no longer needed to trigger single-DH key use[1].
Adding SINGLE_ECDH_USE to your configuration achieves/changes nothing
(with modern OpenSSL versions) as far as traffic on the wire is
concerned. AFAICT, you should not use that option in squid.conf.
HTH,
Alex.
[1]: https://wiki.openssl.org/index.php/List_of_SSL_OP_Flags#SSL_OP_SINGLE_DH_USE
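
Added example, not part of the original message and not Squid code: a small Python filter that removes the option named in this thread from options= lists in squid.conf text and reports where it was found. It assumes option names are separated by "," or ":" and that the parameter is spelled exactly options=; the sample lines are constructed variants, not one real configuration.

```python
import re

# Only SINGLE_ECDH_USE comes from the thread; extend the set at your own discretion.
OBSOLETE = {"SINGLE_ECDH_USE"}
# A whitespace-delimited "options=" token (assumed spelling; "tls-options=" is not matched).
OPTIONS_TOKEN = re.compile(r"(?<!\S)options=(\S+)")

def clean_line(line, obsolete=OBSOLETE):
    """Return (rewritten_line, removed_names) for one squid.conf line."""
    if line.lstrip().startswith("#"):
        return line, []  # leave comments untouched
    removed = []

    def fix(match):
        names = [n for n in re.split(r"[,:]", match.group(1)) if n]
        removed.extend(n for n in names if n in obsolete)
        kept = [n for n in names if n not in obsolete]
        # Rejoin with commas; drop the whole token when nothing is left.
        return "options=" + ",".join(kept) if kept else ""

    new = OPTIONS_TOKEN.sub(fix, line)
    if removed:
        new = re.sub(r"[ \t]+$", "", new, flags=re.M)  # tidy after a dropped token
    return new, removed

def clean_config(text, obsolete=OBSOLETE):
    """Return (rewritten_text, [(line_number, option_name), ...])."""
    out, findings = [], []
    for number, line in enumerate(text.splitlines(keepends=True), 1):
        new, removed = clean_line(line, obsolete)
        out.append(new)
        findings += [(number, name) for name in removed]
    return "".join(out), findings

# Constructed sample lines (variants of the directive quoted in the thread).
SAMPLE = """\
# constructed sample
tls_outgoing_options options=NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE
tls_outgoing_options options=SINGLE_ECDH_USE:NO_TLSv1 min-version=1.2
#tls_outgoing_options options=SINGLE_ECDH_USE
tls_outgoing_options options=SINGLE_ECDH_USE
"""

if __name__ == "__main__":
    cleaned, findings = clean_config(SAMPLE)
    for number, name in findings:
        print(f"line {number}: removed {name}")
    print(cleaned, end="")
```

Check the rewritten file with squid -k parse before reloading, since a directive left without any parameters may need manual attention.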