squid-cache.org

	Colon (:) or comma (,) separated list of SSL implementation options
	to use when proxying https:// URLs
	
	The most important being:

	    NO_SSLv2    Disallow the use of SSLv2
	    NO_SSLv3    Disallow the use of SSLv3
	    NO_TLSv1    Disallow the use of TLSv1.0
	    NO_TLSv1_1  Disallow the use of TLSv1.1
	    NO_TLSv1_2  Disallow the use of TLSv1.2

	    SINGLE_DH_USE
		      Always create a new key when using temporary/ephemeral
		      DH key exchanges

	    NO_TICKET
		      Disable use of RFC5077 session tickets. Some servers
		      may have problems understanding the TLS extension due
		      to ambiguous specification in RFC4507.

	    ALL       Enable various bug workarounds suggested as "harmless"
		      by OpenSSL. Be warned that this may reduce SSL/TLS
		      strength to some attacks.
	
	See the OpenSSL SSL_CTX_set_options documentation for a
	complete list of possible options.
	
	WARNING: This directive takes a single token. If a space is used
		 the value(s) after that space are SILENTLY IGNORED.