Squid configuration directive https_port
- Changes to https_port in Squid-4:
New option tls-min-version=1.N to set minimum TLS version allowed.
New option tls-default-ca replaces sslflags=NO_DEFAULT_CA, the default is also changed to OFF.
New option tls-no-npn to disable sending TLS NPN extension.
New tls-options= option value to disable TLS/1.3.
All options= values for SSLv2 configuration or disabling have been removed.
Removed version= option. Use tls-options= instead.
Manual squid.conf update may be required on upgrade.
Replaced cafile= with tls-cafile= which takes multiple entries.
Changed default value of generate-host-certificates to ON.
- Changes to https_port in Squid-3.5:
protocol= option altered to accept protocol version details. Currently supported values are: HTTP, HTTP/1.1, HTTPS, HTTPS/1.1
For older versions than 3.3 see the linked pages above
|Requires:||--with-gnutls or --with-openssl|
Usage: [ip:]port [mode] tls-cert=certificate.pem [options] The socket address where Squid will listen for client requests made over TLS or SSL connections. Commonly referred to as HTTPS. This is most useful for situations where you are running squid in accelerator mode and you want to do the TLS work at the accelerator level. You may specify multiple socket addresses on multiple lines, each with their own certificate and/or options. The tls-cert= option is mandatory on HTTPS ports. See http_port for a list of modes and options.
- About Squid
- Why Squid?
- Squid Developers
- How to Donate
- How to Help Out
- Getting Squid
- Squid Source Packages
- Squid Deployment Case-Studies
- Squid Software Foundation
- FAQ and Wiki
- Guide Books:
- Security Advisories
- Bugzilla Database
- Mailing lists
- Contacting us
- Commercial services
- Project Sponsors
- Squid-based products
- Developer Resources
- Related Writings
- Related Software:
- Squid Artwork