TAG NAME https_port

Description Port where Squid will listen for clients' HTTPS requests
Build Option
--enable-ssl
Usage
https_port [ip:]port cert=certificate.pem [key=key.pem] [options...]
Default
none
Synopsis
This parameter specifies the address where Squid will listen for clients' HTTPS requests. Its role is significant when Squid is configured in accelerator mode, where SSL work is to be done.

Arguments

ip                     IP address to which Squid will bind the socket
port                   Port to which Squid will bind the socket
cert=certificate.pem   Path and file name of the SSL certificate
key=key.pem            Path and file name of the SSL private key for the certificate

options control additional features and are explained in the table below:

Options        Functions
defaultsite=   The name of the https site presented on this port
protocol=      Protocol to reconstruct accelerated requests with. Defaults to https.
cert=          Path to SSL certificate (PEM format)
key=           Path to SSL private key file (PEM format). If not specified, the certificate file is assumed to be a combined certificate and key file.
version=       The version of SSL/TLS supported:
               1    automatic (default)
               2    SSLv2 only
               3    SSLv3 only
               4    TLSv1 only
cipher=        Colon separated list of supported ciphers
options=       Various SSL engine options. The most important being:
               NO_SSLv2       Disallow the use of SSLv2
               NO_SSLv3       Disallow the use of SSLv3
               NO_TLSv1       Disallow the use of TLSv1
               SINGLE_DH_USE  Always create a new key when using temporary/ephemeral DH key exchanges
               See src/ssl_support.cc or OpenSSL SSL_CTX_set_options documentation for a complete list of options.
clientca=      File containing the list of CAs to use when requesting a client certificate
cafile=        File containing additional CA certificates to use when verifying client certificates. If unset, clientca will be used.
capath=        Directory containing additional CA certificates to use when verifying client certificates
dhparams=      File containing DH parameters for temporary/ephemeral DH key exchanges
sslflags=      Various flags modifying the use of SSL:
               DELAYED_AUTH   Don't request client certificates immediately, but wait until acl processing requires a certificate
               NO_DEFAULT_CA  Don't use the default CA list built in to OpenSSL.

Example(s)
https_port 443 cert=/usr/local/ssl/cert.pem key=/usr/local/ssl/key.pem defaultsite=squidconfiguration.com
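
The following is an added example, not part of the original page or of Squid: a small Python check that parses https_port lines using the syntax shown under Usage and reports settings from the tables above that weaken the listener (a version= pinned to SSLv2 or SSLv3, automatic negotiation without NO_SSLv2/NO_SSLv3, a combined certificate and key file, dhparams= without SINGLE_DH_USE). The function names, the sample lines other than the page's own example, and the assumption that values inside options= are separated by commas or colons are the example's own.

```python
# Added example, not Squid code. Assumption: values inside options= are
# separated by commas or colons.
LEGACY_VERSIONS = {"2": "SSLv2 only", "3": "SSLv3 only"}  # from the version= table

def parse_https_port(line):
    """Parse 'https_port [ip:]port cert=... [key=...] [options...]'; None if another directive."""
    tokens = line.split("#", 1)[0].split()
    if not tokens or tokens[0] != "https_port":
        return None
    if len(tokens) < 2:
        raise ValueError("https_port needs [ip:]port")
    ip, _, port = tokens[1].rpartition(":")  # "443" -> ip "", port "443"
    settings = dict(tok.partition("=")[::2] for tok in tokens[2:])
    return {"ip": ip or None, "port": int(port), "settings": settings}

def audit(directive):
    """Return hardening findings for one parsed https_port directive."""
    s = directive["settings"]
    findings = []
    if "cert" not in s:
        findings.append("cert= is missing")
    elif "key" not in s:
        findings.append("no key=: %s is assumed to hold certificate and private key" % s["cert"])
    version = s.get("version", "1")
    if version in LEGACY_VERSIONS:
        findings.append("version=%s pins the port to %s" % (version, LEGACY_VERSIONS[version]))
    engine = set(s.get("options", "").replace(":", ",").split(",")) - {""}
    if version == "1":  # automatic negotiation: check that legacy protocols are excluded
        findings += ["version=1 (automatic) without options=%s" % o
                     for o in ("NO_SSLv2", "NO_SSLv3") if o not in engine]
    if "dhparams" in s and "SINGLE_DH_USE" not in engine:
        findings.append("dhparams= set without options=SINGLE_DH_USE")
    return findings

# Constructed sample lines; the first is the example from this page.
SAMPLE = """\
https_port 443 cert=/usr/local/ssl/cert.pem key=/usr/local/ssl/key.pem defaultsite=squidconfiguration.com
https_port 192.0.2.10:443 cert=/etc/squid/combined.pem version=3
https_port 443 cert=/etc/squid/c.pem key=/etc/squid/k.pem options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE dhparams=/etc/squid/dh.pem
"""

if __name__ == "__main__":
    for line in SAMPLE.splitlines():
        d = parse_https_port(line)
        print(line)
        for f in audit(d) or ["no findings"]:
            print("   ", f)
```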