
With SSL versions less than 0.9.5a, also determines how many bytes of data are considered sufficient to seed the PRNG. Number of bytes of data read from random seed files.

Pid path is relative to chroot directory if specified. If the argument is empty, then no pid file will be created.

/dev/stdout device can be used to redirect log messages to the standard output (for example to log them with daemontools splogger).

Stay in foreground (don't fork) and log to stderr instead of via syslog (unless output is specified).

Append log messages to a file instead of using syslog.

This option allows disabling entry into FIPS mode if stunnel was compiled with FIPS 140-2 support.

Special commands "LOAD" and "INIT" can be used to load and initialize the engine cryptographic module. There's an example in the 'EXAMPLES' section.

(Available only if compiled with OpenSSL 0.9.5a or higher)

(Facilities are not supported on Win32.) Case is ignored for both facilities and levels.

Entropy Gathering Daemon socket to use to feed OpenSSL random number generator.

The syslog facility 'authpriv' will be used unless a facility name is supplied. Use debug = debug or debug = 7 for greatest debugging output. The specified level and all levels numerically less than it will be shown. Level is one of the syslog level names or numbers: emerg (0), alert (1), crit (2), err (3), warning (4), notice (5), info (6), or debug (7).

Rle compression is currently not implemented by the OpenSSL library.

Zlib compression of OpenSSL 0.9.8 or above is not backward compatible with OpenSSL 0.9.7.

GLOBAL OPTIONS

chroot = directory (Unix only)

chroot keeps stunnel in chrooted jail. CApath, CRLpath, pid and exec are located inside the jail and the paths have to be relative to the directory specified with chroot.

To have libwrap (TCP Wrappers) control effective in a chrooted environment you also have to copy its configuration files (/etc/hosts.allow
STUNNEL CONF FILE SOFTWARE
This product includes cryptographic software written by Eric Young (

specified configuration file

Stunnel can be used to add SSL functionality to commonly used Inetd daemons like POP-2, POP-3, and IMAP servers, to standalone daemons like NNTP, SMTP and HTTP, and in tunneling PPP over network sockets without changes to the source code.

The concept is that having non-SSL aware daemons running on your system you can easily set them up to communicate with clients over secure

The stunnel program is designed to work as SSL encryption wrapper between remote clients and local (inetd-startable) or
