# Sample stunnel configuration file by Michal Trojnara 2002-2005 # Some options used here may not be adequate for your particular configuration # Please make sure you understand them (especially the effect of chroot jail) # Certificate/key is needed in server mode and optional in client mode # cert = /etc/stunnel/stunnel.pem # key = /etc/stunnel/stunnel.pem # Some security enhancements for UNIX systems - comment them out on Win32 # chroot = /chroot/stunnel/ setuid = stunnel setgid = stunnel # PID is created inside chroot jail pid = /run/stunnel/stunnel.pid # Some performance tunings socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 #compression = rle # Workaround for Eudora bug #options = DONT_INSERT_EMPTY_FRAGMENTS # Authentication stuff #verify = 2 # Don't forget to c_rehash CApath # CApath is located inside chroot jail: #CApath = /certs # It's often easier to use CAfile: #CAfile = /etc/stunnel/certs.pem # Don't forget to c_rehash CRLpath # CRLpath is located inside chroot jail: #CRLpath = /crls # Alternatively you can use CRLfile: #CRLfile = /etc/stunnel/crls.pem # Some debugging stuff useful for troubleshooting #debug = 7 #output = stunnel.log # Use it for client mode client = yes # Service-level configuration #[pop3s] #accept = 995 #connect = 110 #[imaps] #accept = 993 #connect = 143 #[ssmtp] #accept = 465 #connect = 25 #[https] #accept = 443 #connect = 80 #TIMEOUTclose = 0