-
Notifications
You must be signed in to change notification settings - Fork 2
/
stunnel.conf
37 lines (32 loc) · 878 Bytes
/
stunnel.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
foreground = yes
debug = info
syslog = no
pid =
setuid = stunnel4
setgid = stunnel4
;foreground = yes | quiet | no
;output = /var/log/stunnel.log
;syslog = *yes* | no
; openSSL security options
options = NO_SSLv2
options = NO_SSLv3
options = NO_TICKET
options = NO_COMPRESSION
options = SINGLE_DH_USE
options = SINGLE_ECDH_USE
; rationale:
; https://www.heise.de/security/meldung/Verschluesselung-OpenSSL-fixt-kritische-Sicherheitsluecke-3086480.html
; https://timtaubert.de/blog/2014/11/the-sad-state-of-server-side-tls-session-resumption-implementations/
[smtptls]
accept = {{ main_ip }}:25
connect = localhost:5025
protocol = smtp
cert = /app/etc/server.cert.dhparam.pem
key = /app/etc/server.key.pem
# curve = NID
# ciphers = CIPHER_LIST
[smtps]
accept = {{ main_ip }}:465
connect = localhost:5025
cert = /app/etc/server.cert.dhparam.pem
key = /app/etc/server.key.pem