>> https_port 3130 intercept ssl-bump \ >> cert=/etc/squid/ssl_cert/squidCA.pem \ >> key=/etc/squid/ssl_cert/squidCA.pem \ >> generate-host-certificates=on dynamic_cert_mem_cache_size=4MB >> tls-dh=/etc/squid/ssl_cert/dhparam.pem > >These DH parameters are for old DH not for ECDHE (missing curve name). >So this may be restricting what your Squid can do to match up the client and >server crypto requirements.
Hi Amos, I have commented the line: "tls-dh=/etc/squid/ssl_cert/dhparam.pem" And, it seems that many errors (SSL errors) in cache.log have disappeared. I will confirm later if WhatsApp works from iOS/Android. Thank You! PS: I used this option (tls-dh, dhparam, etc..) following the official documentation of squid-cache.org for the "hardening" ... or "improve security", etc. _______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
