Name
https_port
Synopsis
This directive allows Squid to accept encrypted (SSL or TLS) connections. It is
available only when you use the /configure
—enable-ssl option.
The mandatory cert= argument specifies the
pathname to an SSL certificate file in PEM format. This is the format
commonly used by OpenSSL and other security software for portable
representation of encryption keys.
The optional key= argument is the path to a
private key file. If you omit this option, Squid assumes the former
key file also contains a private key.
You can use the version= argument to tell Squid
which protocol versions are allowed: 1=automatic, 2=SSLv2 only,
3=SSLv3 only, 4=TLSv1 only.
The cipher= argument is an optional
colon-separated list of allowed ciphers. Squid simply passes this list
to the SSL_CTX_set_cipher_list( ) function.
Lastly, the options= argument allows you to
pass additional configuration parameters to the OpenSSL library. For
example, NO_SSLv2, NO_SSLv3, and NO_TLSv1 disable the use of those particular
protocols. Additional option keywords are defined in Squid’s src/ssl_support.c file.
Syntax | https_port [ |
Default | No default |
Example | https_port 443 cert=/etc/squid-cert.pem key=/etc/squid-privkey.pem |
Related | http_port, http_access |
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access