SSLproxy/sslproxy.conf
2018-02-28 02:16:18 +03:00

52 lines
1.3 KiB
Plaintext

# This is the SSLproxy configuration file
# Use CA cert (and key) to sign forged certs
CACert /etc/sslproxy/ca.crt
# Use CA key (and cert) to sign forged certs
CAKey /etc/sslproxy/ca.key
# Close connections after this many seconds of idle time
ConnIdleTimeout 120
# Check for expired connections every this many seconds
ExpiredConnCheckPeriod 10
# Retry to shut ssl conns down after this many micro seconds
# Increasing this delay may avoid dirty shutdowns on slow connections,
# but increases resource usage, such as file desriptors and memory
SSLShutdownRetryDelay 100
# Write pid to file
PidFile /var/run/sslproxy.pid
# Log statistics to syslog
LogStats yes
# Log statistics every this many ExpiredConnCheckPeriod periods
StatsPeriod 1
# Drop privileges to user and group
User _sslproxy
Group _sslproxy
# Remove HTTP header line for Accept-Encoding
RemoveHTTPAcceptEncoding no
# Remove HTTP header line for Referer
RemoveHTTPReferer yes
# Verify peer using default certificates
VerifyPeer yes
# Allow wrong host names in certificates
AllowWrongHost no
# Cipher specification for both server and client SSL/TLS connections
Ciphers ALL:!RC4
# Proxy specifications
# type listenaddr+port up:utmport
ProxySpec https 127.0.0.1 8443 up:8080
ProxySpec pop3s 127.0.0.1 8995 up:8110
ProxySpec smtps 127.0.0.1 8465 up:9199