用户工具

站点工具


freebsd:network:stunnel_tls_tunnel

stunnel 的 TLS Tunnel 精简配置

只介绍 stunnel 作为 TLS Tunnel 的配置文件, 关于证书方面不介绍了.

不作客户端的证书验证, 仅TLS Tunnel

注: 对应新版openssl及stunnel, 以下配置为启用了TLSv1.3. 如果需要查看旧版TLSv1.2, 参看页面修改记录.

sslVersionMin = TLSv1.3
ciphersuites = TLS_AES_256_GCM_SHA384
socket=l:TCP_NODELAY=1
socket=r:TCP_NODELAY=1
pid=/tmp/stunnel.pid
sessionCacheTimeout=3600
sessionCacheSize=1000
setuid=65534
setgid=65534
delay=no
verify=0

[socks5ssl]
accept=50000
connect=127.0.0.1:60010
CAfile=/usr/local/etc/nginx/ssl/fullchain.pem
cert=/usr/local/etc/nginx/ssl/fullchain.pem
key=/usr/local/etc/nginx/ssl/privkey.pem

[https]
accept=50001
connect=127.0.0.1:60011
CAfile=/usr/local/etc/nginx/ssl/fullchain.pem
cert=/usr/local/etc/nginx/ssl/fullchain.pem
key=/usr/local/etc/nginx/ssl/privkey.pem
freebsd/network/stunnel_tls_tunnel.txt · 最后更改: 2019/05/19 00:57 由 Hshh