# Sample Configuration File for Privoxy 3.0.29
#
-# Copyright (C) 2001-2019 Privoxy Developers https://www.privoxy.org/
+# Copyright (C) 2001-2020 Privoxy Developers https://www.privoxy.org/
#
#####################################################################
# #
# 4. ACCESS CONTROL AND SECURITY #
# 5. FORWARDING #
# 6. MISCELLANEOUS #
-# 7. WINDOWS GUI OPTIONS #
+# 7. TLS #
+# 8. WINDOWS GUI OPTIONS #
# #
#####################################################################
#
# result in DNS traffic.
#
# If the specified address isn't available on the system, or if
-# the hostname can't be resolved, Privoxy will fail to start.
+# the hostname can't be resolved, Privoxy will fail to start. On
+# GNU/Linux, and other platforms that can listen on not yet
+# assigned IP addresses, Privoxy will start and will listen on
+# the specified address whenever the IP address is assigned to
+# the system
#
# IPv6 addresses containing colons have to be quoted by
# brackets. They can only be used if Privoxy has been compiled
# # Define a couple of tags, the described effect requires action sections
# # that are enabled based on CLIENT-TAG patterns.
# client-specific-tag circumvent-blocks Overrule blocks but do not affect other actions
-# disable-content-filters Disable content-filters but do not affect other actions
-#
+# client-specific-tag disable-content-filters Disable content-filters but do not affect other actions
#
#
# 6.17. client-tag-lifetime
# receive-buffer-size 32768
#
#
+# 7. TLS/SSL
+# ===========
+#
+# 7.1. ca-directory
+# ==================
+#
+# Specifies:
+#
+# Directory with the CA key, the CA certificate and the trusted
+# CAs file.
+#
+# Type of value:
+#
+# Text
+#
+# Default value:
+#
+# Empty string
+#
+# Effect if unset:
+#
+# Default value is used.
+#
+# Notes:
+#
+# This directive specifies the directory where the CA key, the
+# CA certificate and the trusted CAs file are located.
+#
+# The permissions should only let Privoxy and the Privoxy admin
+# access the directory.
+#
+# Examples:
+#
+# ca-directory /usr/local/etc/privoxy/CA
+#
+#ca-directory /usr/local/etc/privoxy/CA
+#
+# 7.2. ca-cert-file
+# ==================
+#
+# Specifies:
+#
+# The CA certificate file in ".crt" format.
+#
+# Type of value:
+#
+# Text
+#
+# Default value:
+#
+# cacert.crt
#
-# 7. WINDOWS GUI OPTIONS
+# Effect if unset:
+#
+# Default value is used.
+#
+# Notes:
+#
+# This directive specifies the name of the CA certificate file
+# in ".crt" format.
+#
+# The file is used by Privoxy to generate website certificates
+# when https inspection is enabled with the https-inspection
+# action.
+#
+# Privoxy clients should import the certificate so that they can
+# validate the generated certificates.
+#
+# The file can be generated with: openssl req -new -x509
+# -extensions v3_ca -keyout cakey.pem -out cacert.crt -days 3650
+#
+# Examples:
+#
+# ca-cert-file root.crt
+#
+#ca-cert-file cacert.crt
+#
+# 7.3. ca-key-file
+# =================
+#
+# Specifies:
+#
+# The CA key file in ".pem" format.
+#
+# Type of value:
+#
+# Text
+#
+# Default value:
+#
+# cacert.pem
+#
+# Effect if unset:
+#
+# Default value is used.
+#
+# Notes:
+#
+# This directive specifies the name of the CA key file in ".pem"
+# format. See the ca-cert-file for a command to generate it.
+#
+# Examples:
+#
+# ca-key-file cakey.pem
+#
+#ca-key-file root.pem
+#
+# 7.4. ca-password
+# =================
+#
+# Specifies:
+#
+# The password for the CA keyfile.
+#
+# Type of value:
+#
+# Text
+#
+# Default value:
+#
+# Empty string
+#
+# Effect if unset:
+#
+# Default value is used.
+#
+# Notes:
+#
+# This directive specifies the password for the CA keyfile that
+# is used when Privoxy generates certificates for intercepted
+# requests.
+#
+# Note that the password is shown on the CGI page so don't reuse
+# an important one.
+#
+# Examples:
+#
+# ca-password blafasel
+#
+#ca-password swordfish
+#
+# 7.5. certificate-directory
+# ===========================
+#
+# Specifies:
+#
+# Directory to safe generated keys and certificates.
+#
+# Type of value:
+#
+# Text
+#
+# Default value:
+#
+# ./certs
+#
+# Effect if unset:
+#
+# Default value is used.
+#
+# Notes:
+#
+# This directive specifies the directory where generated TLS/SSL
+# keys and certificates are saved when https inspection is
+# enabled with the https-inspection action.
+#
+# The keys and certificates currently have to be deleted
+# manually when changing the ca-cert-file and the ca-cert-key.
+#
+# The permissions should only let Privoxy and the Privoxy admin
+# access the directory.
+#
+# Examples:
+#
+# certificate-directory /usr/local/var/privoxy/certs
+#
+#certificate-directory /usr/local/var/privoxy/certs
+#
+# 7.6. trusted-cas-file
+# ======================
+#
+# Specifies:
+#
+# The trusted CAs file in ".pem" format.
+#
+# Type of value:
+#
+# File name relative to ca-directory
+#
+# Default value:
+#
+# trustedCAs.pem
+#
+# Effect if unset:
+#
+# Default value is used.
+#
+# Notes:
+#
+# This directive specifies the trusted CAs file that is used
+# when validating certificates for intercepted TLS/SSL requests.
+#
+# An example file can be downloaded from https://curl.haxx.se/ca
+# /cacert.pem.
+#
+# Examples:
+#
+# trusted-cas-file trusted_cas_file.pem
+#
+#trusted-cas-file trustedCAs.pem
+#
+# 8. WINDOWS GUI OPTIONS
# =======================
#
# Privoxy has a number of options specific to the Windows GUI
# interface:
#
#
-#
# If "activity-animation" is set to 1, the Privoxy icon will animate
# when "Privoxy" is active. To turn off, set to 0.
#
#activity-animation 1
#
-#
-#
# If "log-messages" is set to 1, Privoxy copies log messages to the
# console window. The log detail depends on the debug directive.
#
#log-messages 1
#
-#
-#
# If "log-buffer-size" is set to 1, the size of the log buffer, i.e.
# the amount of memory used for the log messages displayed in the
# console window, will be limited to "log-max-lines" (see below).