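; Sample stunnel configuration file by Michal Trojnara 2002-2005
; Some options used here may not be adequate for your particular configuration
; Please make sure you understand them (especially the effect of chroot jail)
;
; As configured, stunnel runs as a TLS server (client = no): it accepts TLS
; connections on one port and hands each one to a local program (see [CF2]).
; Comments are kept on their own lines so that no trailing text can end up
; inside an option value.

; Certificate/key is needed in server mode and optional in client mode
; Certificate and private key share one PEM file here; that file should be
; readable only by the account that starts stunnel.
cert = /etc/stunnel/certagent.pem
key = /etc/stunnel/certagent.pem

; Some security enhancements for UNIX systems - comment them out on Win32
; chroot is currently disabled, so every path in this file is resolved against
; the real filesystem root. If it is re-enabled, the pid, CApath, CRLpath and
; exec paths below must be rewritten relative to the jail directory.
;chroot = /usr/var/stunnel/
setuid = stunnel4
setgid = stunnel4

; PID file (would be created inside the chroot jail if chroot were enabled)
pid = /usr/var/stunnel/stunnel.pid
;/var/run/stunnel4/stunnel.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
; TLS-level compression is left off: compressing before encryption lets the
; ciphertext length reveal information about the plaintext (the CRIME class
; of attacks). Re-enable only if the tunnelled protocol is known to be safe
; with it and the installed stunnel/OpenSSL build still supports the method.
;compression = rle
;compression = zlib

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
; verify = 3 requires the peer to present a certificate and checks it against
; the locally installed certificates, so only pre-provisioned peers connect.
verify = 3
; Don't forget to c_rehash CApath
; (CApath must be given relative to the jail if chroot is enabled)
CApath = /usr/var/stunnel/certs
; It's often easier to use CAfile:
;CAfile = /usr/etc/stunnel/certs.pem
; Don't forget to c_rehash CRLpath
; (CRLpath must be given relative to the jail if chroot is enabled)
CRLpath = /usr/var/stunnel/crls
; Alternatively you can use CRLfile:
;CRLfile = /usr/etc/stunnel/crls.pem

; Some debugging stuff useful for troubleshooting
; 7 is the most verbose level (debug); lower it once troubleshooting is done
; so that routine logs do not carry per-connection detail.
debug = 7
;output = /var/log/stunnel4/stunnel.log
; NOTE(review): this log sits in the same directory as the private key file.
; Confirm that /etc/stunnel is not writable by the stunnel4 account; the
; commented /var/log location above keeps logs away from key material.
output = /etc/stunnel/log.txt

; Use it for client mode
client = no
foreground = yes

; Service-level configuration

;[pop3s]
;accept = 995
;connect = 110

;[imaps]
;accept = 993
;connect = 143

;[ssmtp]
;accept = 465
;connect = 25

;[daytime]
;accept = 127.0.0.1:1300
;connect = nimrod:130

;[https]
;accept = 444
;connect = 127.0.0.1:80

; CF2: TLS front end for a locally executed program.
[CF2]
; No bind address is given, so the port is opened on all local addresses.
; Prefix an address (as in the [daytime] example) to restrict exposure.
accept = 4000
;exec = /usr/bin/env
;execargs = env > /usr/var/stunnel/bin/env.txt
; Each accepted connection starts this program inetd-style, with the decrypted
; stream on its standard input/output. It receives data from any peer that
; passes the verify check above, so it must treat that input as untrusted.
; NOTE(review): presumably it runs under the setuid/setgid account - confirm.
exec = /usr/var/stunnel/bin/CF2
; execargs begins with the program name ($0), followed by the real arguments.
; Without the leading name, "-p" would be consumed as $0 and never reach the
; program's option parser.
execargs = CF2 -p /usr/var/stunnel/pipes/ -l /usr/var/stunnel/CF.log
;TIMEOUTclose = 0

; vim:ft=dosini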