Name

https_port

Synopsis

This directive allows Squid to accept encrypted (SSL or TLS) connections. It is available only when you use the /configure —enable-ssl option.

The mandatory cert= argument specifies the pathname to an SSL certificate file in PEM format. This is the format commonly used by OpenSSL and other security software for portable representation of encryption keys.

The optional key= argument is the path to a private key file. If you omit this option, Squid assumes the former key file also contains a private key.

You can use the version= argument to tell Squid which protocol versions are allowed: 1=automatic, 2=SSLv2 only, 3=SSLv3 only, 4=TLSv1 only.

The cipher= argument is an optional colon-separated list of allowed ciphers. Squid simply passes this list to the SSL_CTX_set_cipher_list() function.

Lastly, the options= argument allows you to pass additional configuration parameters to the OpenSSL library. For example, NO_SSLv2, NO_SSLv3, and NO_TLSv1 disable the use of those particular protocols. Additional option keywords are defined in Squid’s src/ssl_support.c file.

Syntax

https_port [hostname:]port cert=certificate.pem [key=key.pem] [version=N]
[cipher=list] [options=SSL_Options]

Default

No default

Example

https_port 443 cert=/etc/squid-cert.pem key=/etc/squid-privkey.pem

Related

http_port, http_access

Get Squid: The Definitive Guide now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.