Squid configuration directive https_port
- Changes to https_port in Squid-4:
New option tls-min-version=1.N to set minimum TLS version allowed.
New option tls-no-default-ca replaces sslflags=NO_DEFAULT_CA
All options= values for SSLv2 configuration or disabling have been removed.
Removed version= option. Use tls-options= instead.
New options=SINGLE_ECDH_USE parameter to enable ephemeral ECDH key exchange.
Deprecated dhparams= option. Use tls-dh= instead. The new option allows to optionally specify an elliptic curve for ephemeral ECDH by adding curve-name: in front of the parameter file name.
Manual squid.conf update may be required on upgrade.
Replaced cafile= with tls-cafile= which takes multiple entries.
- Changes to https_port in Squid-3.5:
protocol= option altered to accept protocol version details. Currently supported values are: HTTP, HTTP/1.1, HTTPS, HTTPS/1.1
For older versions than 3.3 see the linked pages above
|Requires:||--with-gnutls or --with-openssl|
Usage: [ip:]port [mode] cert=certificate.pem [options] The socket address where Squid will listen for client requests made over TLS or SSL connections. Commonly referred to as HTTPS. This is most useful for situations where you are running squid in accelerator mode and you want to do the TLS work at the accelerator level. You may specify multiple socket addresses on multiple lines, each with their own certificate and/or options. The TLS cert= option is mandatory on HTTPS ports. See http_port for a list of modes and options.
- About Squid
- Why Squid?
- Squid Developers
- How to Donate
- How to Help Out
- Getting Squid
- Squid Source Packages
- Squid Deployment Case-Studies
- Squid Software Foundation
- FAQ and Wiki
- Guide Books:
- Security Advisories
- Bugzilla Database
- Mailing lists
- Contacting us
- Commercial services
- Project Sponsors
- Squid-based products
- Developer Resources
- Related Writings
- Related Software:
- Squid Artwork