Name
https_port
Synopsis
This directive allows Squid to accept encrypted (SSL or TLS) connections. It is available only when you use the ./configure --enable-ssl option.
The mandatory cert= argument specifies the pathname to an SSL certificate file in PEM format. This is the format commonly used by OpenSSL and other security software for portable representation of encryption keys.
The optional key= argument is the path to a private key file. If you omit this option, Squid assumes the certificate file also contains the private key.
You can use the version= argument to tell Squid which protocol versions are allowed: 1=automatic, 2=SSLv2 only, 3=SSLv3 only, 4=TLSv1 only.
The cipher= argument is an optional colon-separated list of allowed ciphers. Squid simply passes this list to the SSL_CTX_set_cipher_list() function.
Lastly, the options= argument allows you to pass additional configuration parameters to the OpenSSL library. For example, NO_SSLv2, NO_SSLv3, and NO_TLSv1 disable the use of those particular protocols. Additional option keywords are defined in Squid’s src/ssl_support.c file.
Syntax | https_port [ |
Default | No default |
Example | https_port 443 cert=/etc/squid-cert.pem key=/etc/squid-privkey.pem |
Related | http_port, http_access |
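
An added example (not from the book or the Squid project): a small Python check that reads squid.conf text and flags https_port lines whose version= and options= settings leave SSLv2 or SSLv3 usable. It assumes an unset version= behaves like 1 (automatic) and that options= keywords are separated by ':' or ','; the sample configuration is constructed.

```python
import re

# Meaning of version= values, as listed in the reference text above.
VERSION_MEANING = {"1": "automatic", "2": "SSLv2 only", "3": "SSLv3 only", "4": "TLSv1 only"}

def parse_https_ports(conf_text):
    """Yield (line_no, port_spec, {arg: value}) for each https_port line."""
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(tokens) < 2 or tokens[0] != "https_port":
            continue
        args = dict(t.split("=", 1) for t in tokens[2:] if "=" in t)
        yield line_no, tokens[1], args

def audit(conf_text):
    """Return a list of (line_no, finding) for weak or implicit TLS settings."""
    findings = []
    for line_no, _port, args in parse_https_ports(conf_text):
        version = args.get("version", "1")  # assumption: unset behaves like 1=automatic
        # Assumption: option keywords are separated by ':' or ','.
        opts = {o for o in re.split(r"[:,]", args.get("options", "")) if o}
        if version in ("2", "3"):
            findings.append((line_no, f"version={version} forces {VERSION_MEANING[version]}"))
        elif version == "1":
            for proto in ("SSLv2", "SSLv3"):
                if f"NO_{proto}" not in opts:
                    findings.append((line_no, f"{proto} not disabled (add NO_{proto} to options=)"))
        if "cipher" not in args:
            findings.append((line_no, "no cipher= list; library default ciphers apply"))
        if "key" not in args:
            findings.append((line_no, "no key=; private key must live in the cert= file"))
    return findings

# Constructed sample configuration (not from a real deployment).
SAMPLE_CONF = """\
https_port 443 cert=/etc/squid-cert.pem key=/etc/squid-privkey.pem
https_port 8443 cert=/etc/squid-cert.pem key=/etc/squid-privkey.pem version=3
https_port 9443 cert=/etc/squid-cert.pem key=/etc/squid-privkey.pem version=1 options=NO_SSLv2,NO_SSLv3 cipher=HIGH:!aNULL
http_port 3128
"""

if __name__ == "__main__":
    for line_no, finding in audit(SAMPLE_CONF):
        print(f"line {line_no}: {finding}")
```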