Option Name: | https_port |
---|---|
Replaces: | |
Requires: | --enable-ssl |
Default Value: | none |
Suggested Config: |

Usage: [ip:]port cert=certificate.pem [key=key.pem] [options...]

The socket address where Squid will listen for HTTPS client requests.

This is really only useful for situations where you are running Squid in accelerator mode and you want to do the SSL work at the accelerator level.

You may specify multiple socket addresses on multiple lines, each with their own SSL certificate and/or options.

Options:

accel
    Accelerator mode. Also needs at least one of defaultsite or vhost.

defaultsite=
    The name of the https site presented on this port. Implies accel.

vhost
    Accelerator mode using Host header for virtual domain support. Requires a wildcard certificate or other certificate valid for more than one domain. Implies accel.

protocol=
    Protocol to reconstruct accelerated requests with. Defaults to https.

cert=
    Path to SSL certificate (PEM format).

key=
    Path to SSL private key file (PEM format). If not specified, the certificate file is assumed to be a combined certificate and key file.

version=
    The version of SSL/TLS supported:
    1  automatic (default)
    2  SSLv2 only
    3  SSLv3 only
    4  TLSv1 only

cipher=
    Colon separated list of supported ciphers. NOTE: some ciphers such as EDH ciphers depend on additional settings. If those settings are omitted the ciphers may be silently ignored by the OpenSSL library.

options=
    Various SSL engine options. The most important being:
    NO_SSLv2  Disallow the use of SSLv2
    NO_SSLv3  Disallow the use of SSLv3
    NO_TLSv1  Disallow the use of TLSv1
    SINGLE_DH_USE  Always create a new key when using temporary/ephemeral DH key exchanges
    See the OpenSSL SSL_CTX_set_options documentation for a complete list of options.

clientca=
    File containing the list of CAs to use when requesting a client certificate.

cafile=
    File containing additional CA certificates to use when verifying client certificates. If unset, clientca will be used.

capath=
    Directory containing additional CA certificates and CRL lists to use when verifying client certificates.

crlfile=
    File of additional CRL lists to use when verifying the client certificate, in addition to CRLs stored in the capath. Implies the VERIFY_CRL flag below.

dhparams=
    File containing DH parameters for temporary/ephemeral DH key exchanges. See the OpenSSL documentation for details on how to create this file. WARNING: EDH ciphers will be silently disabled if this option is not set.

sslflags=
    Various flags modifying the use of SSL:
    DELAYED_AUTH  Don't request client certificates immediately, but wait until ACL processing requires a certificate (not yet implemented).
    NO_DEFAULT_CA  Don't use the default CA lists built in to OpenSSL.
    NO_SESSION_REUSE  Don't allow for session reuse. Each connection will result in a new SSL session.
    VERIFY_CRL  Verify CRL lists when accepting client certificates.
    VERIFY_CRL_ALL  Verify CRL lists for all certificates in the client certificate chain.

sslcontext=
    SSL session ID context identifier.

generate-host-certificates[=<on|off>]
    Dynamically create SSL server certificates for the destination hosts of bumped CONNECT requests. When enabled, the cert and key options are used to sign generated certificates. Otherwise the generated certificate will be self-signed. If there is a CA certificate, the lifetime of the generated certificate equals the lifetime of the CA certificate. If the generated certificate is self-signed, its lifetime is three years. This option is enabled by default when SslBump is used. See the sslBump option above for more information.

dynamic_cert_mem_cache_size=SIZE
    Approximate total RAM size spent on cached generated certificates. If set to zero, caching is disabled. The default value is 4MB. An average XXX-bit certificate consumes about XXX bytes of RAM.

vport
    Accelerator with IP based virtual host support.

vport=NN
    As above, but uses the specified port number rather than the https_port number. Implies accel.

name=
    Specifies an internal name for the port. Defaults to the port specification (port or addr:port).
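
The option text above names several combinations that fail quietly or leave legacy protocols enabled (version=2 or 3, EDH ciphers without dhparams=, accel without defaultsite or vhost). The following lint pass over https_port lines is an added example, not code from Squid or its documentation. The function names, the sample lines, and the assumption that options= values are separated by ':' or ',' are all introduced here.

```python
# Added example: a lint pass over https_port lines (not Squid code).
LEGACY = {"2": "SSLv2 only", "3": "SSLv3 only"}  # version= values from the text above

def parse_https_port(line):
    """Split one https_port line into (address, {option: value})."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] != "https_port":
        raise ValueError("not an https_port line")
    opts = {}
    for tok in tokens[2:]:
        name, _, value = tok.partition("=")
        opts[name] = value
    return tokens[1], opts

def audit_https_port(line):
    """Return findings (strings) for one https_port line; empty list means clean."""
    _, opts = parse_https_port(line)
    findings = []
    if "cert" not in opts:
        findings.append("cert= is missing")
    version = opts.get("version", "1")  # 1 = automatic (default)
    # Assumption: options= values are separated by ':' or ','.
    engine = set(opts.get("options", "").replace(",", ":").split(":"))
    if version in LEGACY:
        findings.append(f"version={version} restricts the port to {LEGACY[version]}")
    elif version == "1":
        missing = [o for o in ("NO_SSLv2", "NO_SSLv3") if o not in engine]
        if missing:
            findings.append("automatic version without " + ",".join(missing))
    # EDH/DHE suites need dhparams=; ECDHE names do not match this prefix test.
    suites = [c.lstrip("+") for c in opts.get("cipher", "").split(":")]
    if "dhparams" not in opts and any(
            c.startswith(("EDH", "DHE", "kEDH")) for c in suites):
        findings.append("EDH ciphers listed without dhparams=: silently disabled")
    if "accel" in opts and not ("defaultsite" in opts or "vhost" in opts):
        findings.append("accel without defaultsite= or vhost")
    return findings

# Constructed sample lines (paths and host name are placeholders).
WEAK = ("https_port 443 accel cert=/etc/squid/site.pem version=3 "
        "cipher=EDH-RSA-DES-CBC3-SHA:AES128-SHA")
HARDENED = ("https_port 192.0.2.10:443 accel defaultsite=www.example.com "
            "cert=/etc/squid/site.pem key=/etc/squid/site.key "
            "options=NO_SSLv2:NO_SSLv3:SINGLE_DH_USE "
            "cipher=DHE-RSA-AES256-SHA:AES256-SHA dhparams=/etc/squid/dh.pem")

if __name__ == "__main__":
    for conf in (WEAK, HARDENED):
        print(conf.split()[1], audit_https_port(conf) or "no findings")
```
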