Here is a sample squid.conf excerpt with SSL Bump-related options:
Enabling SSL Bump
Example of how to configure the HTTP port to bump CONNECT requests
    http_port 3128 ssl-bump cert=/usr/local/squid3/etc/site_priv+pub.pem

    # Bumped requests have relative URLs so Squid has to use reverse proxy
    # or accelerator code. By default, that code denies direct forwarding.
    # The need for this option may disappear in the future.
    always_direct allow all
The ssl_bump directive can be used to prevent some requests from being bumped:
    acl broken_sites dstdomain .example.com
    ssl_bump deny broken_sites
    ssl_bump allow all

The same rules written with the none and client-first actions:

    acl broken_sites dstdomain .example.com
    ssl_bump none broken_sites
    ssl_bump client-first all
However, Squid-3.3 and later provide the server-first algorithm, which can be used in place of client-first in the above rules and is better for bumping HTTPS because it avoids the problems below.
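To check which hosts a rule set like the one above would exempt, the following added example (not part of the original page or of Squid itself) evaluates ssl_bump rules in order and returns the action of the first rule whose ACLs match. It assumes only dstdomain ACLs and the built-in all ACL, no ACL negation, and that the older deny/allow actions correspond to none/client-first as the two rule sets above suggest; the function names and test hostnames are hypothetical.

```python
# Added example: first-match evaluation of the ssl_bump rules shown above.
# SAMPLE_CONF repeats the page's rule set; helper names are hypothetical.
SAMPLE_CONF = """\
acl broken_sites dstdomain .example.com
ssl_bump none broken_sites
ssl_bump client-first all
"""

# Assumption: older action names map onto the newer ones used above.
LEGACY = {"deny": "none", "allow": "client-first"}


def parse(conf):
    """Return (acls, rules) from dstdomain acl lines and ssl_bump lines."""
    acls, rules = {"all": None}, []  # None means "matches every host"
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "dstdomain":
            acls.setdefault(tok[1], []).extend(d.lower() for d in tok[3:])
        elif len(tok) >= 2 and tok[0] == "ssl_bump":
            rules.append((LEGACY.get(tok[1], tok[1]), tok[2:]))
    return acls, rules


def domain_matches(pattern, host):
    """A leading dot covers the domain itself and every subdomain."""
    host = host.lower().rstrip(".")
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern


def acl_matches(acls, name, host):
    if name not in acls:
        raise ValueError("ssl_bump rule references undefined acl: " + name)
    patterns = acls[name]
    return patterns is None or any(domain_matches(p, host) for p in patterns)


def bump_mode(conf, host):
    """Action of the first ssl_bump rule whose ACLs all match, else None."""
    acls, rules = parse(conf)
    for mode, names in rules:
        if all(acl_matches(acls, n, host) for n in names):
            return mode
    return None
```

Because the first matching rule decides, placing the catch-all rule above the broken_sites rule would bump every host, including the ones meant to be exempt.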