TAG NAME https_port

Description Port where Squid will listen for client https requests
Build Option
--enable-ssl
Usage
https_port [ip:]port cert=certificate.pem [key=key.pem] [options...]
Default
none
Synopsis
This parameter specifies the address where Squid will listen for client https requests. Its role is significant when Squid is configured in accelerator mode, where SSL work is to be done.

Arguments

ip IP address to which Squid will bind the socket
port Port to which Squid will bind the socket
cert=certificate.pem Path and file name of the SSL certificate
key=key.pem Path and file name of the SSL private key for the certificate

options control additional features and are explained in the table below:

Options    Functions

accel    Accelerator mode. Also needs at least one of defaultsite or vhost.
defaultsite=    The name of the https site presented on this port
vhost    Domain based virtual host support. Useful in combination with a wildcard certificate or other certificates valid for more than one domain. Implies accel.
urlgroup=    Default urlgroup to mark requests with
protocol=    Protocol to reconstruct accelerated requests with. Defaults to https.
cert=    Path to SSL certificate (PEM format)
key=    Path to SSL private key file (PEM format). If not specified, the certificate file is assumed to be a combined certificate and key file.
version=    The version of SSL/TLS supported
    1    automatic (default)
    2    SSLv2 only
    3    SSLv3 only
    4    TLSv1 only
cipher=    Colon separated list of supported ciphers
options=    Various SSL engine options. The most important being:
    NO_SSLv2    Disallow the use of SSLv2
    NO_SSLv3    Disallow the use of SSLv3
    NO_TLSv1    Disallow the use of TLSv1
    SINGLE_DH_USE    Always create a new key when using temporary/ephemeral DH key exchanges
    See src/ssl_support.cc or OpenSSL SSL_CTX_set_options documentation for a complete list of options.
clientca=    File containing the list of CAs to use when requesting a client certificate
cafile=    File containing additional CA certificates to use when verifying client certificates. If unset clientca will be used.
capath=    Directory containing additional CA certificates to use when verifying client certificates
dhparams=    File containing DH parameters for temporary/ephemeral DH key exchanges
sslflags=    Various flags modifying the use of SSL:
    DELAYED_AUTH    Don’t request client certificates immediately, but wait until acl processing requires a certificate
    NO_DEFAULT_CA    Don’t use the default CA list built in to OpenSSL.
    NO_SESSION_REUSE    Don’t allow for session reuse. Each connection will result in a new SSL session.
    VERIFY_CRL    Verify CRL lists when accepting client certificates
    VERIFY_CRL_ALL    Verify CRL lists for all certificates in the client certificate chain
sslcontext=    SSL session ID context identifier.

Example(s)
https_port 443 cert=/usr/local/ssl/cert.pem key=/usr/local/ssl/key.pem defaultsite=squidconfiguration.com
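
The following is an added example, not part of the original page or of Squid itself: a small Python check that parses an https_port line using the syntax documented above and reports settings worth reviewing. The function names, the constructed sample lines and their paths, and the assumption that options= and sslflags= values are separated by ':' or ',' are illustrative.

```python
import re

def parse_https_port(line):
    """Split one https_port line into (address, {option: value})."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] != "https_port":
        raise ValueError("not an https_port line")
    opts = {}
    for tok in tokens[2:]:
        name, _, value = tok.partition("=")
        opts[name] = value          # bare words such as accel/vhost map to ""
    return tokens[1], opts

def _flags(value):
    # Assumption: list values are separated by ':' or ','.
    return {f for f in re.split(r"[:,]", value) if f}

def audit_https_port(line):
    """Return findings based on the option semantics documented on this page."""
    _, opts = parse_https_port(line)
    engine = _flags(opts.get("options", ""))
    sslflags = _flags(opts.get("sslflags", ""))
    findings = []
    if "key" not in opts:
        findings.append("no key=: certificate file must also contain the private key")
    version = opts.get("version", "1")
    if version in ("2", "3"):
        # SSLv2 and SSLv3 are obsolete protocol versions.
        findings.append(f"version={version} restricts the port to an obsolete SSL version")
    elif version == "1":
        for flag in ("NO_SSLv2", "NO_SSLv3"):
            if flag not in engine:
                findings.append(f"automatic version without options={flag}")
    if "dhparams" in opts and "SINGLE_DH_USE" not in engine:
        findings.append("dhparams= set without options=SINGLE_DH_USE")
    if "accel" in opts and not {"defaultsite", "vhost"} & opts.keys():
        findings.append("accel needs defaultsite= or vhost")
    if "clientca" in opts and not {"VERIFY_CRL", "VERIFY_CRL_ALL"} & sslflags:
        findings.append("client certificates requested without CRL verification")
    return findings

# The example line from this page, plus two constructed lines (paths are made up).
PAGE_EXAMPLE = ("https_port 443 cert=/usr/local/ssl/cert.pem "
                "key=/usr/local/ssl/key.pem defaultsite=squidconfiguration.com")
HARDENED = ("https_port 443 cert=/etc/squid/cert.pem key=/etc/squid/key.pem accel "
            "defaultsite=www.example.com options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE "
            "dhparams=/etc/squid/dh.pem")
WEAK = "https_port 443 cert=/etc/squid/combined.pem version=3 accel clientca=/etc/squid/ca.pem"
```

Calling audit_https_port(PAGE_EXAMPLE) reports that the automatic version setting is used without NO_SSLv2 and NO_SSLv3, while HARDENED returns no findings.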