2 * Copyright (C) 1996-2016 The Squid Software Foundation and contributors
4 * Squid software is distributed under GPLv2+ license and includes
5 * contributions from numerous individuals and organizations.
6 * Please see the COPYING and CONTRIBUTORS files for details.
9 #ifndef SQUID_SRC_SECURITY_SERVEROPTIONS_H
10 #define SQUID_SRC_SECURITY_SERVEROPTIONS_H
12 #include "security/PeerOptions.h"
/// TLS squid.conf settings for a listening port.
///
/// Adds to PeerOptions the Diffie-Hellman / elliptic-curve key exchange
/// settings and the static TLS context declared below.
class ServerOptions : public PeerOptions
{
    // NOTE(review): the access specifiers of this class are not visible in
    // this excerpt; `public:` is assumed for everything below. Confirm
    // against the full header before relying on member visibility.
public:
    /// Builds the options with the tlsDefaultCa flag defaulted to false.
    ServerOptions() : PeerOptions()
    {
        // Bug 4005: dynamic contexts use a lot of memory, and keeping the
        // set of trusted CAs small is the more secure choice.
        // NOTE(review): presumably an explicit squid.conf setting can still
        // change this flag afterwards; confirm against the flag's type.
        flags.tlsDefaultCa.defaultTo(false);
    }

    virtual ~ServerOptions() = default;

    /* Security::PeerOptions API */

    virtual void parse(const char *);

    /// Resets every setting by assigning a freshly constructed ServerOptions,
    /// so the constructor's tlsDefaultCa default is applied again.
    virtual void clear()
    {
        *this = ServerOptions();
    }

    virtual Security::ContextPtr createBlankContext() const;

    virtual void dumpCfg(Packable *, const char *pfx) const;

    /// update the context with DH, EDH, EECDH settings
    void updateContextEecdh(Security::ContextPtr &);

    /// TLS context to use for HTTPS accelerator or static SSL-Bump
    Security::ContextPointer staticContext;

    SBuf dh; ///< Diffie-Hellman cipher config

    // NOTE(review): whether the parameters read from this file are checked
    // for strength or validity is not visible in this header.
    SBuf dhParamsFile; ///< Diffie-Hellman ciphers parameter file

    SBuf eecdhCurve; ///< Elliptic curve for ephemeral EC-based DH key exchanges

    Security::DhePointer parsedDhParams; ///< DH parameters for temporary/ephemeral DH key exchanges
};
52 } // namespace Security
54 #endif /* SQUID_SRC_SECURITY_SERVEROPTIONS_H */