Squid configuration directive https_port

Available in: 4   3.5   3.4   3.3   3.2   2.7   3.1   3.0   2.6  


Changes to https_port in Squid-4:

New option tls-min-version=1.N to set minimum TLS version allowed.

New option tls-no-default-ca replaces sslflags=NO_DEFAULT_CA

All options= values for SSLv2 configuration or disabling have been removed.

Removed version= option. Use tls-options= instead.

New options=SINGLE_ECDH_USE parameter to enable ephemeral ECDH key exchange.

Deprecated dhparams= option. Use tls-dh= instead. The new option allows to optionally specify an elliptic curve for ephemeral ECDH by adding curve-name: in front of the parameter file name.

Manual squid.conf update may be required on upgrade.

Replaced cafile= with tls-cafile= which takes multiple entries.

Changes to https_port in Squid-3.5:

protocol= option altered to accept protocol version details. Currently supported values are: HTTP, HTTP/1.1, HTTPS, HTTPS/1.1

For older versions than 3.3 see the linked pages above

Configuration Details:

Option Name:https_port
Requires:--with-gnutls or --with-openssl
Default Value:none
Suggested Config:

	Usage:  [ip:]port [mode] cert=certificate.pem [options]

	The socket address where Squid will listen for client requests made
	over TLS or SSL connections. Commonly referred to as HTTPS.

	This is most useful for situations where you are running squid in
	accelerator mode and you want to do the TLS work at the accelerator level.

	You may specify multiple socket addresses on multiple lines,
	each with their own certificate and/or options.

	The TLS cert= option is mandatory on HTTPS ports.

	See http_port for a list of modes and options.









Web Site Translations