/*
 * Copyright (C) 1996-2016 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */
9 #ifndef SQUID_SRC_SECURITY_SERVEROPTIONS_H
10 #define SQUID_SRC_SECURITY_SERVEROPTIONS_H
12 #include "anyp/forward.h"
13 #include "security/PeerOptions.h"
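/// TLS squid.conf settings for a listening port.
///
/// Extends PeerOptions with the server-side pieces visible here: a static
/// TLS context and the DH / ECDH key-exchange configuration.
// NOTE(review): the class braces and access specifiers were lost in this
// listing; they are restored here with every visible member public.
// Confirm against the original header.
class ServerOptions : public PeerOptions
{
public:
    /// Starts from the PeerOptions defaults, then switches the default of
    /// the tlsDefaultCa flag to false for listening ports.
    ServerOptions() : PeerOptions() {
        // Bug 4005: dynamic contexts use a lot of memory and it
        // is more secure to have only a small set of trusted CA.
        flags.tlsDefaultCa.defaultTo(false);
    }
    virtual ~ServerOptions() = default;

    /* Security::PeerOptions API */
    // NOTE(review): these are declared `virtual` without `override`, so a
    // signature drift in the base class would silently stop them from
    // overriding. Consider `override` once the PeerOptions declarations
    // are confirmed to match.
    virtual void parse(const char *);
    /// Replaces this object with a freshly constructed ServerOptions, whose
    /// constructor again defaults tlsDefaultCa to false.
    virtual void clear() {*this = ServerOptions();}
    virtual Security::ContextPtr createBlankContext() const;
    virtual void dumpCfg(Packable *, const char *pfx) const;

    /// generate a security server-context from these configured options
    /// the resulting context is stored in staticContext
    /// \returns true if a context could be created
    /// Callers should check the result before relying on staticContext.
    bool createStaticServerContext(AnyP::PortCfg &);

    /// update the context with DH, EDH, EECDH settings
    void updateContextEecdh(Security::ContextPtr &);

    /// TLS context to use for HTTPS accelerator or static SSL-Bump
    Security::ContextPointer staticContext;

    SBuf dh; ///< Diffie-Hellman cipher config
    SBuf dhParamsFile; ///< Diffie-Hellman ciphers parameter file
    SBuf eecdhCurve; ///< Elliptic curve for ephemeral EC-based DH key exchanges

    Security::DhePointer parsedDhParams; ///< DH parameters for temporary/ephemeral DH key exchanges
};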
58 } // namespace Security
60 #endif /* SQUID_SRC_SECURITY_SERVEROPTIONS_H */