Hello,
I am struggling with "ERROR: negotiating TLS on FD 53:
error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small
(1/-1/0)" error when ssl bumping.
I cannot find out where the problem liesand why is the key too small.
I regenerated my dhparams with openssl dhparam -outform PEM -out
dhparam.pem 4096.
http_port 3128 ssl-bump \
generate-host-certificates=on \
dynamic_cert_mem_cache_size=4MB \
cert=/**********************/bump-ca.crt \
key=/**********************/bump-ca.key \
tls-dh=/etc/squid/dhparam.pem
ssl_bump peek step1
ssl_bump bump bumped_group !bank_dom
ssl_bump splice all
I use recent Fedora 33 packages.
I observe the issue when connecting to https://www.p-mat.sk as a bumped user.
Thanks for any help.
Marek
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
