DESCRIPTION

The stunnel program is designed to work as SSL encryption wrapper between remote clients and local (inetd-startable) or
The concept is that having non-SSL aware daemons running on your system you can easily set them up to communicate with clients over secure
stunnel can be used to add SSL functionality to commonly used Inetd daemons like POP-2, POP-3, and IMAP servers, to standalone daemons like NNTP, SMTP and HTTP, and in tunneling PPP over network sockets without changes to the source code.

This product includes cryptographic software written by Eric Young.

OPTIONS

[<filename>]
    specified configuration file

-fd N (Unix only)
    Read the config file from specified file descriptor

-version
    Print stunnel version and compile time defaults

-quiet (NT/2000/XP only)
    Don't display a message box when successfully installed or uninstalled NT service

CONFIGURATION FILE

Each line of the configuration file can be either:
    '[service_name]' indicating a start of a service definition.

GLOBAL OPTIONS

chroot = directory (Unix only)
    chroot keeps stunnel in chrooted jail. CApath, CRLpath, pid and exec are located inside the jail and the paths have to be relative to the directory specified with chroot.
    To have libwrap (TCP Wrappers) control effective in a chrooted environment you also have to copy its configuration files (/etc/hosts.allow

compression = zlib | rle
    zlib compression of OpenSSL 0.9.8 or above is not backward compatible with OpenSSL 0.9.7.
    rle compression is currently not implemented by the OpenSSL library.

debug = [facility.]level
    Level is one of the syslog level names or numbers: emerg (0), alert (1), crit (2), err (3), warning (4), notice (5), info (6), or debug (7). The specified level and all levels numerically less than it will be shown. Use debug = debug or debug = 7 for greatest debugging output.
    The syslog facility 'authpriv' will be used unless a facility name is supplied. (Facilities are not supported on Win32.)
    Case is ignored for both facilities and levels.

EGD = egd path (Unix only)
    Entropy Gathering Daemon socket to use to feed OpenSSL random number generator. (Available only if compiled with OpenSSL 0.9.5a or higher)

engine = auto | engine id
    There's an example in the 'EXAMPLES' section.

engineCtrl = command[:parameter]
    Special commands "LOAD" and "INIT" can be used to load and initialize the engine cryptographic module.

fips = yes | no
    This option allows disabling entering FIPS mode if stunnel was compiled with FIPS 140-2 support.

foreground = yes | no (Unix only)
    Stay in foreground (don't fork) and log to stderr instead of via syslog (unless output is specified).

output = file
    Append log messages to a file instead of using syslog.
    The /dev/stdout device can be used to redirect log messages to the standard output (for example to log them with daemontools splogger).

pid = file (Unix only)
    If the argument is empty, then no pid file will be created.
    pid path is relative to chroot directory if specified.

RNDbytes = bytes
    Number of bytes of data read from random seed files. With SSL versions less than 0.9.5a, also determines how many bytes of data are considered sufficient to seed the PRNG. More recent OpenSSL versions have a builtin function to determine when sufficient randomness is

RNDfile = file
    The SSL library will use data from this file first to seed the random number generator.

RNDoverwrite = yes | no
    Overwrite the random seed files with new random data.

service = servicename
    On Unix: inetd mode service name for TCP Wrapper library.
    On NT/2000/XP: NT service name in the Control Panel.

setgid = groupname (Unix only)
    setgid() to groupname in daemon mode and clears all other groups.

socket = a|l|r:option=value[:value]
    Set an option on accept/local/remote socket.
    The values for linger option are l_onof:l_linger.
    Examples:
        socket = l:SO_LINGER=1:60
            set one minute timeout for closing local socket
        socket = r:TCP_NODELAY=1
            turn off the Nagle algorithm for remote sockets
        socket = a:SO_REUSEADDR=0
            disable address reuse (enabled by default)
        socket = a:SO_BINDTODEVICE=lo
            only accept connections on loopback interface

syslog = yes | no (Unix only)

SERVICE-LEVEL OPTIONS

Each configuration section begins with service name in square brackets. The service name is used for libwrap (TCP Wrappers) access control and lets you distinguish stunnel services in your log files.

Note that if you wish to run stunnel in inetd mode (where it is provided a network socket by a server such as inetd, xinetd, or tcpserver) then you should read the section entitled INETD MODE below.

accept = [host:]port
    Accept connections on specified host:port.
    If no host specified, defaults to all IP addresses for the local host.

CApath = directory
    This is the directory in which stunnel will look for certificates when using the verify option. Note that the certificates in this directory should be named XXXXXXXX.0 where XXXXXXXX is the hash value of the DER encoded subject of the cert (the first 4 bytes of the MD5 hash in least significant byte order).
    CApath path is relative to chroot directory if specified.
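The CApath file-naming rule described above, as an added example (not code from the stunnel manual or project): the DER subject is constructed here for a single-CN name, and the hash follows the page's rule (first 4 bytes of the MD5 of the DER subject, least significant byte first), which is the value `openssl x509 -subject_hash_old` prints for pre-1.0.0 OpenSSL hashing.

```python
"""Compute the XXXXXXXX.N filename stunnel's verify expects in CApath (added example)."""
import hashlib
import struct
from typing import List, Optional

OID_COMMON_NAME = bytes.fromhex("550403")  # 2.5.4.3 (id-at-commonName)


def der_tlv(tag: int, content: bytes) -> bytes:
    """Minimal DER tag-length-value encoder (short and long definite lengths)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content


def der_name_cn(common_name: str) -> bytes:
    """DER-encode an X.501 Name with one RDN (CN as PrintableString, tag 0x13).
    Name ::= SEQUENCE OF RDN; RDN ::= SET OF AttributeTypeAndValue (a SEQUENCE)."""
    atv = der_tlv(0x30, der_tlv(0x06, OID_COMMON_NAME)
                  + der_tlv(0x13, common_name.encode("ascii")))
    return der_tlv(0x30, der_tlv(0x31, atv))


def capath_hash(der_subject: bytes) -> str:
    """First 4 bytes of MD5(DER subject) read little-endian, as 8 lowercase hex digits."""
    digest = hashlib.md5(der_subject).digest()
    (value,) = struct.unpack("<I", digest[:4])
    return f"{value:08x}"


def capath_filename(der_subject: bytes, index: int = 0) -> str:
    """Name stunnel looks up: XXXXXXXX.N (N disambiguates subjects sharing a hash)."""
    return f"{capath_hash(der_subject)}.{index}"


def find_ca_file(der_subject: bytes, listing: List[str]) -> Optional[str]:
    """Return the lowest-numbered CApath entry for this subject, or None when the CA
    is not installed under its hashed name (a common reason verify fails)."""
    prefix = capath_hash(der_subject) + "."
    matches = sorted(f for f in listing if f.startswith(prefix) and f[len(prefix):].isdigit())
    return matches[0] if matches else None


if __name__ == "__main__":
    print(capath_filename(der_name_cn("Example CA")))  # constructed sample subject
```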