; Sample stunnel configuration file by Michal Trojnara 2002-2009; Some options

1. ; Sample stunnel configuration file by Michal Trojnara 2002-2009
2. ; Some options used here may not be adequate for your particular configuration
3. ; Please make sure you understand them (especially the effect of the chroot jail)
4.  
5. ; Certificate/key is needed in server mode and optional in client mode
6. cert = /root/ssl_keys/certificate.crt
7. key = /root/ssl_keys/privateKey.key
8. ;key = /etc/ssl/certs/stunnel.pem
9.  
10. ; Protocol version (all, SSLv2, SSLv3, TLSv1)
11. sslVersion = all
12.  
13. ; Some security enhancements for UNIX systems - comment them out on Win32
14. ;;chroot = /var/lib/stunnel4/
15. ;;setuid = stunnel4
16. ;;setgid = stunnel4
17. ; PID is created inside the chroot jail
18. pid = /stunnel4.pid
19.  
20. ; Some performance tunings
21. socket = l:TCP_NODELAY=1
22. socket = r:TCP_NODELAY=1
23. ;compression = zlib
24.  
25. ; Workaround for Eudora bug
26. ;options = DONT_INSERT_EMPTY_FRAGMENTS
27.  
28. ; Authentication stuff
29. ;verify = 2
30. ; Don't forget to c_rehash CApath
31. ; CApath is located inside chroot jail
32. ;CApath = /certs
33. ; It's often easier to use CAfile
34. ;CAfile = /etc/stunnel/certs.pem
35. ; Don't forget to c_rehash CRLpath
36. ; CRLpath is located inside chroot jail
37. ;CRLpath = /crls
38. ; Alternatively you can use CRLfile
39. ;CRLfile = /etc/stunnel/crls.pem
40.  
41. ; Some debugging stuff useful for troubleshooting
42. debug = 7
43. ;debug = 3
44. output = /var/log/stunnel4/stunnel.log
45.  
46. ; Use it for client mode
47. ;client = yes
48.  
49. ; Report the real Client to the Logs.
50. transparent = yes
51.  
52. foreground = yes
53.  
54.  
55. ; Service-level configuration
56.  
57. [https]
58. accept = 443
59. connect = 80
60. ;TIMEOUTclose = 0
61.  
62. ; vim:ft=dosini