Hi team,

Any update on this?

Regards,
Nikhil

On Thu, Sep 14, 2023 at 6:05 PM Shyam varun <shyam3...@gmail.com> wrote:

> Dear Squid Mailing List Community,
>
> I hope this email finds you well. I am currently working on configuring
> SSL bump in Squid proxy server to support ECDSA ciphers, and I am seeking
> assistance with a particular issue I've encountered.
>
> To provide some context:
>
> - *Squid Version:* Squid 5.2
> - *OpenSSL Version:* OpenSSL 1.1.1l
> - *OS:* Alpine Linux v3.16
> - *Squid Configuration:*
>
>   sslproxy_cert_error allow all
>
>   sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/ssl_db -M 4MB
>
>   http_port 3129 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/opt/ssl/intermediate_certificate.pem key=/opt/ssl/intermediate_key.pem options=SINGLE_DH_USE,SINGLE_ECDH_USE tls-dh=/opt/dhparam.pem
>
>   tls_outgoing_options min-version=1.1 options=NO_SSLv3
>
>   acl step1 at_step SslBump1
>
>   ssl_bump peek step1
>
>   ssl_bump bump all
>
> The goal of my configuration is to enable SSL bump for ECDSA ciphers,
> specifically the "ECDHE-ECDSA-AES256-GCM-SHA384" and
> "ECDHE-ECDSA-AES128-GCM-SHA256" cipher suites. However, I've run into
> challenges and issues while trying to achieve this.
>
> *Things I tried:*
>
> 1. I created an ECDSA-based certificate chain using OpenSSL.
> 2. I configured the ECDSA-based certificate certs in squid as shown in
>    above snippet but still not able to make it work.
>
> I've thoroughly reviewed the Squid documentation and online resources, but
> I haven't been able to resolve these issues on my own.
>
> I would greatly appreciate any guidance, insights, or assistance from the
> Squid community regarding the proper configuration for SSL bump with ECDSA
> ciphers. If you have successfully configured Squid to support ECDSA ciphers
> or if you have expertise in this area, your input would be invaluable.
>
> Thank you in advance for your time and support. I look forward to your
> responses and insights.

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users