Thread: https ?
Post #9, 05-04-2004, 12:29 PM, by BeerCan (New Member, joined May 2004, 6 posts)
I guess you are telling me I am not doing what I am doing, so I am attaching (with some stuff removed) a commented squid.conf that shows the SSL options. I am sorry that all of this has become so difficult. Please notice the vhost options.

Usage: [ip:]port cert=certificate.pem [key=key.pem] [options...]

The socket address where Squid will listen for HTTPS client
requests.

This is really only useful for situations where you are running
squid in accelerator mode and you want to do the SSL work at the
accelerator level.

You may specify multiple socket addresses on multiple lines,
each with their own SSL certificate and/or options.

Options:

defaultsite= The name of the https site presented on
this port

protocol= Protocol to reconstruct accelerated requests
with. Defaults to https

cert= Path to SSL certificate (PEM format)

key= Path to SSL private key file (PEM format)
if not specified, the certificate file is
assumed to be a combined certificate and
key file

version= The version of SSL/TLS supported
1 automatic (default)
2 SSLv2 only
3 SSLv3 only
4 TLSv1 only

cipher= Colon separated list of supported ciphers

options= Various SSL engine options. The most important
being:
NO_SSLv2 Disallow the use of SSLv2
NO_SSLv3 Disallow the use of SSLv3
NO_TLSv1 Disallow the use of TLSv1
SINGLE_DH_USE Always create a new key when using
temporary/ephemeral DH key exchanges
See src/ssl_support.c or OpenSSL SSL_CTX_set_options
documentation for a complete list of options

clientca= File containing the list of CAs to use when
requesting a client certificate

cafile= File containing additional CA certificates to
use when verifying client certificates. If unset
clientca will be used

capath= Directory containing additional CA certificates
to use when verifying client certificates

dhparams= File containing DH parameters for temporary/ephemeral
DH key exchanges

sslflags= Various flags modifying the use of SSL:
DELAYED_AUTH
Don't request client certificates
immediately, but wait until acl processing
requires a certificate
NO_DEFAULT_CA
Don't use the default CA list built in
to OpenSSL

accel Accelerator mode. Also set implicitly by the other
accelerator directives

vhost Accelerator mode using Host header for virtual
domain support

vport Accelerator with IP based virtual host support

vport=NN As above, but uses specified port number rather
than the https_port number
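The option reference quoted in the post above lists the knobs but not how they combine. The fragment below is an added example, not the poster's own squid.conf and not text from the Squid documentation: it shows a weak https_port line beside a hardened one, and a third line that requires client certificates, all in the 2.5-era syntax the post documents. Every path, hostname and address (/etc/squid/ssl/..., www.example.com, admin.example.com, 10.0.0.5) is an assumption for illustration; each line is kept on a single physical line because the option list is parsed per line.

```conf
# Added example, not the poster's configuration. Paths and hostnames are assumed.

# Weak: version=1 ("automatic") with no options= leaves SSLv2 and SSLv3
# negotiable, no dhparams= means no ephemeral DH exchange, and a single
# cert= file means the private key sits in the same file as the public cert.
#https_port 443 cert=/etc/squid/ssl/proxy.pem defaultsite=www.example.com vhost

# Hardened equivalent:
#  - key= keeps the private key in its own (mode 0600) file
#  - vhost routes on the Host header; defaultsite= covers clients that send none
#  - options= refuses SSLv2 and SSLv3 but, unlike version=4, still lets
#    "automatic" negotiation pick anything newer the OpenSSL build offers
#  - SINGLE_DH_USE + dhparams= gives a fresh ephemeral DH key per handshake
#  - cipher= is an OpenSSL cipher string: no anonymous, null, export, LOW, MD5 or RC4 suites
https_port 443 cert=/etc/squid/ssl/proxy.crt key=/etc/squid/ssl/proxy.key defaultsite=www.example.com vhost version=1 options=NO_SSLv2:NO_SSLv3:SINGLE_DH_USE cipher=HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!RC4 dhparams=/etc/squid/ssl/dh2048.pem

# Client-certificate port for an admin site, bound to one interface only:
#  - clientca= is the CA list sent in the certificate request
#  - NO_DEFAULT_CA stops OpenSSL's built-in CA bundle from also being trusted,
#    so only certificates issued by clients-ca.pem pass verification
https_port 10.0.0.5:8443 cert=/etc/squid/ssl/admin.crt key=/etc/squid/ssl/admin.key defaultsite=admin.example.com clientca=/etc/squid/ssl/clients-ca.pem sslflags=NO_DEFAULT_CA options=NO_SSLv2:NO_SSLv3:SINGLE_DH_USE dhparams=/etc/squid/ssl/dh2048.pem
```

The dhparams file is generated once with `openssl dhparam -out /etc/squid/ssl/dh2048.pem 2048`, and the key files should be owned by the user Squid drops to and readable by nobody else. After a reload, the quickest check that the weak protocols are really gone is `openssl s_client -connect www.example.com:443 -ssl3` (or `-ssl2` on an OpenSSL build old enough to still have it): the handshake must fail, while a plain `openssl s_client -connect www.example.com:443` must succeed and report one of the ciphers permitted by the `cipher=` string.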