====== stunnel 的 TLS Tunnel 精简配置 ======

只介绍 stunnel 作为 TLS Tunnel 的配置文件, 关于证书方面不介绍了.

不作客户端的证书验证, 仅TLS Tunnel

注: 对应新版openssl及stunnel, 以下配置为启用了TLSv1.3. 如果需要查看旧版TLSv1.2, 参看页面修改记录.

<code>
sslVersionMin = TLSv1.3
ciphersuites = TLS_AES_256_GCM_SHA384
socket=l:TCP_NODELAY=1
socket=r:TCP_NODELAY=1
pid=/tmp/stunnel.pid
sessionCacheTimeout=3600
sessionCacheSize=1000
setuid=65534
setgid=65534
delay=no
verify=0

[https]
accept=10000
connect=127.0.0.1:11000
CAfile=/usr/local/etc/nginx/ssl/fullchain.pem
cert=/usr/local/etc/nginx/ssl/fullchain.pem
key=/usr/local/etc/nginx/ssl/privkey.pem
</code>