2017-08-24 13:16:45 +00:00
|
|
|
# This is the SSLproxy configuration file
|
|
|
|
|
|
|
|
# Use CA cert (and key) to sign forged certs
|
|
|
|
CACert /etc/sslproxy/ca.crt
|
|
|
|
# Use CA key (and cert) to sign forged certs
|
|
|
|
CAKey /etc/sslproxy/ca.key
|
|
|
|
|
|
|
|
# Close connections after this many seconds of idle time
|
|
|
|
ConnIdleTimeout 120
|
|
|
|
|
|
|
|
# Check for expired connections every this many seconds
|
|
|
|
ExpiredConnCheckPeriod 10
|
|
|
|
|
|
|
|
# Retry to shut ssl conns down after this many micro seconds
|
|
|
|
# Increasing this delay may avoid dirty shutdowns on slow connections,
|
|
|
|
# but increases resource usage, such as file desriptors and memory
|
|
|
|
SSLShutdownRetryDelay 100
|
|
|
|
|
|
|
|
# Write pid to file
|
|
|
|
PidFile /var/run/sslproxy.pid
|
|
|
|
|
|
|
|
# Log statistics to syslog
|
|
|
|
LogStats yes
|
|
|
|
|
|
|
|
# Log statistics every this many ExpiredConnCheckPeriod periods
|
|
|
|
StatsPeriod 1
|
|
|
|
|
|
|
|
# Drop privileges to user and group
|
|
|
|
User _sslproxy
|
|
|
|
Group _sslproxy
|
|
|
|
|
|
|
|
# Remove HTTP header line for Accept-Encoding
|
|
|
|
RemoveHTTPAcceptEncoding no
|
|
|
|
|
2017-09-03 20:11:20 +00:00
|
|
|
# Remove HTTP header line for Referer
|
|
|
|
RemoveHTTPReferer yes
|
|
|
|
|
2018-01-18 00:18:53 +00:00
|
|
|
# Verify peer using default certificates
|
|
|
|
VerifyPeer yes
|
|
|
|
|
|
|
|
# Allow wrong host names in certificates
|
|
|
|
AllowWrongHost no
|
|
|
|
|
2018-02-27 23:16:18 +00:00
|
|
|
# Cipher specification for both server and client SSL/TLS connections
|
|
|
|
Ciphers ALL:!RC4
|
|
|
|
|
2017-08-24 13:16:45 +00:00
|
|
|
# Proxy specifications
|
|
|
|
# type listenaddr+port up:utmport
|
|
|
|
ProxySpec https 127.0.0.1 8443 up:8080
|
|
|
|
ProxySpec pop3s 127.0.0.1 8995 up:8110
|
|
|
|
ProxySpec smtps 127.0.0.1 8465 up:9199
|