Sorry - but how is your solution different from: 1) openssl dhparam -outform PEM -out dhparam.pem 2048 2) https_port 3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/usr/local/squid/etc/rootCA.crt key=/usr/local/squid/etc/rootCA.key options=SINGLE_DH_USE,SINGLE_ECDH_USE tls-dh=/usr/local/squid/etc/dhparam.pem
Or tls-dh=prime256v1:/usr/local/squid/etc/dhparam.pem ? LL > I have tested 4.12 and with default settings I am getting an error on some > local common web pages. > > > > (71) Protocol error (TLS code: SQUID_ERR_SSL_HANDSHAKE) > Handshake with SSL server failed: error:141A318A:SSL > routines:tls_process_ske_dhe:dh key too small _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
