; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration

; Specify that we intend to use TLSv1
sslVersion = TLSv1

; Certificate/key is needed in server mode and optional in client mode
; The default certificate is provided only for testing and should not
; be used in a production environment
cert = C:\Program Files\stunnel\stunnel.pem
;key = C:\Program Files\stunnel\stunnel.pem

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
verify = 3
; Don't forget to c_rehash CApath
CApath = D:\ajgonz\ClientServerTests
; It's often easier to use CAfile
;CAfile = certs.pem
; Don't forget to c_rehash CRLpath
;CRLpath = crls
; Alternatively you can use CRLfile
;CRLfile = crls.pem

; Some debugging stuff useful for troubleshooting
; up this number to 7 to get full log details
; leave it at 3 to just get critical error messages
debug = 7
output = D:\ajgonz\stunnel.log

; Use it for client mode
client = yes

; Service-level configuration

[https]
accept    = 10.4.1.8:443
connect   = 10.4.1.1:443
TIMEOUTclose = 0

; vim:ft=dosini

; List of Ciphers
ciphers = DES-CBC3-SHA