On 2024-07-05 11:35, Jonathan Lee wrote:

> tls_outgoing_options options=NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE
>
> ERROR: Unsupported TLS option SINGLE_ECDH_USE

Your OpenSSL version defines SSL_OP_SINGLE_ECDH_USE name but otherwise ignores SSL_OP_SINGLE_ECDH_USE. OpenSSL behavior that was triggered by using this option in old OpenSSL releases is now default behavior, so using this option is no longer needed to trigger single-DH key use[1].

Adding SINGLE_ECDH_USE to your configuration achieves/changes nothing (with modern OpenSSL versions) as far as traffic on the wire is concerned. AFAICT, you should not use that option in squid.conf.

HTH,

Alex.

[1]: https://wiki.openssl.org/index.php/List_of_SSL_OP_Flags#SSL_OP_SINGLE_DH_USE

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users
