Hello,

I am struggling with "ERROR: negotiating TLS on FD 53:
error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small
(1/-1/0)" error when ssl bumping.

I cannot find out where the problem liesand why is the key too small.
I regenerated my dhparams with openssl dhparam -outform PEM -out
dhparam.pem 4096.

http_port 3128 ssl-bump \
        generate-host-certificates=on \
        dynamic_cert_mem_cache_size=4MB \
        cert=/**********************/bump-ca.crt \
        key=/**********************/bump-ca.key \
        tls-dh=/etc/squid/dhparam.pem

ssl_bump peek step1
ssl_bump bump bumped_group !bank_dom
ssl_bump splice all

I use recent Fedora 33 packages.

I observe the issue when connecting to https://www.p-mat.sk as a bumped user.

Thanks for any help.

Marek
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Reply via email to