src/security/ServerOptions.h

   1 /*
   2  * Copyright (C) 1996-2016 The Squid Software Foundation and contributors
   3  *
   4  * Squid software is distributed under GPLv2+ license and includes
   5  * contributions from numerous individuals and organizations.
   6  * Please see the COPYING and CONTRIBUTORS files for details.
   7  */
   8
   9 #ifndef SQUID_SRC_SECURITY_SERVEROPTIONS_H
  10 #define SQUID_SRC_SECURITY_SERVEROPTIONS_H
  11
  12 #include "security/PeerOptions.h"
  13
  14 namespace Security
  15 {
  16
  17 /// TLS squid.conf settings for a listening port
  18 class ServerOptions : public PeerOptions
  19 {
  20 public:
  21     ServerOptions() : PeerOptions() {
  22         // Bug 4005: dynamic contexts use a lot of memory and it
  23         // is more secure to have only a small set of trusted CA.
  24         flags.tlsDefaultCa.defaultTo(false);
  25     }
  26     virtual ~ServerOptions() = default;
  27
  28     /* Security::PeerOptions API */
  29     virtual void parse(const char *);
  30     virtual void clear() {*this = ServerOptions();}
  31     virtual Security::ContextPtr createBlankContext() const;
  32     virtual void dumpCfg(Packable *, const char *pfx) const;
  33
  34     /// update the context with DH, EDH, EECDH settings
  35     void updateContextEecdh(Security::ContextPtr &);
  36
  37 public:
  38     /// TLS context to use for HTTPS accelerator or static SSL-Bump
  39     Security::ContextPointer staticContext;
  40
  41 private:
  42     void loadDhParams();
  43
  44 private:
  45     SBuf dh;            ///< Diffi-Helman cipher config
  46     SBuf dhParamsFile;  ///< Diffi-Helman ciphers parameter file
  47     SBuf eecdhCurve;    ///< Elliptic curve for ephemeral EC-based DH key exchanges
  48
  49     Security::DhePointer parsedDhParams; ///< DH parameters for temporary/ephemeral DH key exchanges
  50 };
  51
  52 } // namespace Security
  53
  54 #endif /* SQUID_SRC_SECURITY_SERVEROPTIONS_H */
  55