packages/net/stunnel/files/stunnel.conf


; Certificate/key is needed in server mode and optional in client mode
cert = /etc/stunnel/stunnel.pem
;key = /usr/etc/stunnel/mail.pem

; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = all

; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /tmp
setuid = nobody
;setgid = nobody
pid = /stunnel.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

;verify = 2
;CApath = /certs
;CAfile = /usr/etc/stunnel/certs.pem
;CRLpath = /crls
;CRLfile = /usr/etc/stunnel/crls.pem

; Some debugging stuff useful for troubleshooting
;debug = 7
;output = stunnel.log

; Use it for client mode
;client = yes

; Service-level configuration

;[pop3s]
;accept  = 995
;connect = 110
;
;[imaps]
;accept  = 993
;connect = 143
;
;[ssmtp]
;accept  = 465
;connect = 25

[https]
accept  = 443
connect = 80
TIMEOUTclose = 0

[chilli]
accept  = 3443
connect = 3442
TIMEOUTclose = 0

; vim:ft=dosini
stunnel for kamikaze, contributed by coova, cleaned up by me. note: this requires V=99 so that you can specify cert params.. still ick, better option? put the variables as menu options? sorta ick too. git-svn-id: svn://svn.openwrt.org/openwrt/packages@5596 3c298f89-4303-0410-b956-a3cf2f4a3e73 2006-11-21 00:33:42 +00:00
			`; Certificate/key is needed in server mode and optional in client mode`
			`cert = /etc/stunnel/stunnel.pem`
			`;key = /usr/etc/stunnel/mail.pem`

			`; Protocol version (all, SSLv2, SSLv3, TLSv1)`
			`sslVersion = all`

			`; Some security enhancements for UNIX systems - comment them out on Win32`
			`chroot = /tmp`
			`setuid = nobody`
			`;setgid = nobody`
			`pid = /stunnel.pid`

			`; Some performance tunings`
			`socket = l:TCP_NODELAY=1`
			`socket = r:TCP_NODELAY=1`
			`;compression = rle`

			`; Workaround for Eudora bug`
			`;options = DONT_INSERT_EMPTY_FRAGMENTS`

			`;verify = 2`
			`;CApath = /certs`
			`;CAfile = /usr/etc/stunnel/certs.pem`
			`;CRLpath = /crls`
			`;CRLfile = /usr/etc/stunnel/crls.pem`

			`; Some debugging stuff useful for troubleshooting`
			`;debug = 7`
			`;output = stunnel.log`

			`; Use it for client mode`
			`;client = yes`

			`; Service-level configuration`

			`;[pop3s]`
			`;accept = 995`
			`;connect = 110`
			`;`
			`;[imaps]`
			`;accept = 993`
			`;connect = 143`
			`;`
			`;[ssmtp]`
			`;accept = 465`
			`;connect = 25`

			`[https]`
			`accept = 443`
			`connect = 80`
			`TIMEOUTclose = 0`

			`[chilli]`
			`accept = 3443`
			`connect = 3442`
			`TIMEOUTclose = 0`

			`; vim:ft=dosini`