Squid configuration directive https_port

Available in: 4   3.5   3.4   3.3   3.2   2.7   3.1   3.0   2.6  


Changes to https_port in Squid-4:

New option tls-min-version=1.N to set minimum TLS version allowed.

New option tls-default-ca replaces sslflags=NO_DEFAULT_CA, the default is also changed to OFF.

New option tls-no-npn to disable sending TLS NPN extension.

New tls-options= option value to disable TLS/1.3.

All options= values for SSLv2 configuration or disabling have been removed.

Removed version= option. Use tls-options= instead.

Manual squid.conf update may be required on upgrade.

Replaced cafile= with tls-cafile= which takes multiple entries.

Changed default value of generate-host-certificates to ON.

Changes to https_port in Squid-3.5:

protocol= option altered to accept protocol version details. Currently supported values are: HTTP, HTTP/1.1, HTTPS, HTTPS/1.1

For older versions than 3.3 see the linked pages above

Configuration Details:

Option Name:https_port
Requires:--with-gnutls or --with-openssl
Default Value:none
Suggested Config:

	Usage:  [ip:]port [mode] tls-cert=certificate.pem [options]

	The socket address where Squid will listen for client requests made
	over TLS or SSL connections. Commonly referred to as HTTPS.

	This is most useful for situations where you are running squid in
	accelerator mode and you want to do the TLS work at the accelerator

	You may specify multiple socket addresses on multiple lines,
	each with their own certificate and/or options.

	The tls-cert= option is mandatory on HTTPS ports.

	See http_port for a list of modes and options.








Web Site Translations