This option allows you to disable entering FIPS mode if stunnel was compiledwith FIPS 140-2 support.ĭefault: no (since version 5.00) foreground = yes | quiet | no (Unix only) foreground mode fips = yes | no enable or disable FIPS 140-2 mode. The following tasks may be available, if supported by the engine: ALL, RSA,DSA, ECDH, ECDSA, DH, RAND, CIPHERS, DIGESTS, PKEY, PKEY_CRYPTO, PKEY_ASN1. The parameter specifies a comma-separated list of task to be delegated to thecurrent engine. engineCtrl = COMMAND control hardware engine engineDefault = TASK_LIST set OpenSSL tasks delegated to the current engine See Examples section for an engine configuration to use the certificate and the corresponding private key from a cryptographic device. ![]() engine = auto | ENGINE_ID select hardware or software cryptographic engine EGD = EGD_PATH (Unix only) path to Entropy Gathering Daemon socketĮntropy Gathering Daemon socket to use to feed the OpenSSL random numbergenerator. The syslog facility 'authpriv' will be used unless a facility name is supplied.(Facilities are not supported on Win32.)Ĭase is ignored for both facilities and levels. Use debug = debug or debug = 7 for greatest debugging output. All logs for the specified level andall levels numerically less than it will be shown. Level is one of the syslog level names or numbersemerg (0), alert (1), crit (2), err (3), warning (4), notice (5),info (6), or debug (7). compression = deflate | zlib select data compression algorithmĭeflate is the standard compression method as described in RFC 1951. * Some other functions may need devices, e.g. * Local time in log files needs /etc/timezone. Several functions of the operating system also need their files to be located within the chroot jail, e.g.: * Delayed resolver typically needs /etc/nf and /etc/nf. CApath, CRLpath, pidand exec are located inside the jail and the patches have to be relativeto the directory specified with chroot. GLOBAL OPTIONS chroot = DIRECTORY (Unix only) directory to chroot stunnel processĬhroot keeps stunnel in a chrooted jail. * A colon-separated pair of IP address (either IPv4, IPv6, or domain name) and port number. * '' indicating a start of a service definition.Īn address parameter of an option may be either: * A port number. This product includes cryptographic software written byEric Young () OPTIONS FILE Use specified configuration file -fd N (Unix only) Read the config file from specified file descriptor -help Print stunnel help menu -version Print stunnel version and compile time defaults -sockets Print default socket options -options Print supported TLS options -install (Windows NT and later only) Install NT Service -uninstall (Windows NT and later only) Uninstall NT Service -start (Windows NT and later only) Start NT Service -stop (Windows NT and later only) Stop NT Service -reload (Windows NT and later only) Reload the configuration file of the running NT Service -reopen (Windows NT and later only) Reopen the log file of the running NT Service -exit (Win32 only) Exit an already started stunnel -quiet (Win32 only) Don't display any message boxes CONFIGURATION FILE Each line of the configuration file can be either: * An empty line (ignored). Stunnel can be used to add TLS functionality to commonly used Inetddaemons like POP-2, POP-3, and IMAP servers, to standalone daemons like NNTP, SMTP and HTTP, and in tunneling PPP over network sockets withoutchanges to the source code. The concept is that having non-TLS aware daemons running onyour system you can easily set them up to communicate with clients oversecure TLS channels. ![]() help | -version | -sockets | -options DESCRIPTION The stunnel program is designed to work as TLS encryption wrapperbetween remote clients and local ( inetd-startable) or remoteservers. ![]() Index NAMEstunnel - TLS offloading and load-balancing proxy SYNOPSIS Unix: stunnel | -fd N | -help | -version | -sockets | -options WIN32: stunnel [ [ -install | -uninstall | -start | -stop |
0 Comments
Leave a Reply. |