authorFranklin Wei <git@fwei.tk>2016-01-18 19:23:57 -0500
committerFranklin Wei <git@fwei.tk>2016-01-18 19:23:57 -0500
commita486d4b5e1679e0ddf5a4afa661501afefe4a854 (patch)
tree73a6bcc9d5eb7a949dc5a657b098dcb667c7e85b
parent3b364f97f6122618cce35fa24633faaf9ab4e685 (diff)
add example stunnel configs
-rw-r--r--stunnel/client.cfg24
-rw-r--r--stunnel/server.cfg28
2 files changed, 52 insertions, 0 deletions
diff --git a/stunnel/client.cfg b/stunnel/client.cfg
new file mode 100644
index 0000000..fc39f15
--- /dev/null
+++ b/stunnel/client.cfg
@@ -0,0 +1,24 @@
+; It is recommended to drop root privileges if stunnel is started by root
+setuid = nobody
+setgid = nobody
+
+; **************************************************************************
+; * Service defaults may also be specified in individual service sections *
+; **************************************************************************
+
+options = -NO_SSLv3
+
+; These options provide additional security at some performance degradation
+;options = SINGLE_ECDH_USE
+;options = SINGLE_DH_USE
+
+; **************************************************************************
+; * Service definitions (remove all services for inetd mode) *
+; **************************************************************************
+
+; ***************************************** Example TLS client mode services
+
+[telnet]
+client = yes
+accept = 127.0.0.1:23
+connect = REMOTE_HOST:992
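Review bot: The `[telnet]` client service never verifies the server certificate: no `verify` or `CAfile` setting is present, and stunnel accepts any peer certificate by default, so the tunnel is encrypted but the remote end is not authenticated. Add `verify = 2` and `CAfile = YOUR_CA_HERE.pem` (placeholder path) to the service, plus `checkHost` where the installed stunnel version supports it. Separately, the leading dash in `options = -NO_SSLv3` clears that flag in stunnel's option syntax, so the line permits SSLv3 instead of blocking it; `options = NO_SSLv3` looks like what was intended. A short comment above the service saying that `REMOTE_HOST` must be replaced would also help readers of the example.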
diff --git a/stunnel/server.cfg b/stunnel/server.cfg
new file mode 100644
index 0000000..7772d54
--- /dev/null
+++ b/stunnel/server.cfg
@@ -0,0 +1,28 @@
+; Lines preceded with a “;” are comments
+; Empty lines are ignored
+; For more options and details: see the manual (stunnel.html)
+
+; File with certificate and private key
+cert = YOUR_CERT_HERE.pem
+key = YOUR_KEY_HERE.pem
+
+; Log (1= minimal, 5=recommended, 7=all) and log file)
+; Preceed with a “;” to disable logging
+debug = 5
+output = stunnel.log
+
+; Some performance tuning
+socket = l:TCP_NODELAY=1
+socket = r:TCP_NODELAY=1
+
+; Data compression algorithm: zlib or rle
+compression = zlib
+
+; SSL bug options / NO SSL:v2 (SSLv3 and TLSv1 is enabled)
+options = ALL
+options = NO_SSLv2
+
+[telnets]
+accept = 0.0.0.0:992
+connect = 127.0.0.1:1234
+TIMEOUTclose = 0
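Review bot: The global options leave SSLv3 enabled and turn on TLS compression, which weakens a tunnel that carries telnet logins: only `NO_SSLv2` is set (the comment confirms SSLv3 stays on), and `compression = zlib` opens the session to compression side-channel leaks. Add `options = NO_SSLv3` next to the existing `options` lines and drop the `compression` line. Unlike client.cfg, this file has no `setuid`/`setgid`, so a stunnel started as root to bind port 992 keeps root for its lifetime; adding `setuid = nobody` and `setgid = nobody` would match the client example. A comment noting that the file named by `key` should be readable only by the service account would round out the example.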