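; **************************************************************************
; * Global options *
; **************************************************************************
; Empty value: no pid file is created.
pid =
; Do not daemonize; the process stays attached to whatever started it.
foreground = yes
; Only log messages at severity warning (4) and higher
debug = 4
; **************************************************************************
; * Service defaults may also be specified in individual service sections *
; **************************************************************************
; Client mode: local connections are plaintext, the remote side is TLS.
client = yes
; Some performance tunings (TCP_NODELAY on the remote socket)
socket = r:TCP_NODELAY=1
; Prevent MITM attacks: the peer certificate itself must be present in the
; service's CAfile (certificate pinning). A renewed server certificate has to
; be deployed to that file first, otherwise connections are refused.
verifyPeer = yes
; Disable support for insecure protocols
sslVersionMin = TLSv1.2
; Disable TLS-level compression
options = NO_COMPRESSION
; Select permitted SSL ciphers (forward-secret AEAD suites only).
; Items are colon-separated, as OpenSSL documents for cipher lists; run
; together without separators, an item the local OpenSSL does not recognise
; may cause the exclusions that follow it to be skipped.
; This list governs TLSv1.2 and below; TLSv1.3 suites are selected by the
; separate "ciphersuites" option, which is left at its default here.
ciphers = EECDH+AESGCM:EECDH+CHACHA20:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL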
; **************************************************************************
; * Service definitions (remove all services for inetd mode) *
; **************************************************************************
; TLS client wrapper for the LDAP provider.
[ldaps]
; dummy address (socket-activated): the listening socket is handed over by
; the service manager, so this loopback placeholder is not what clients use
accept = 127.0.0.1:0
; Template expression: the "ipsec" entry for the short hostname of the first
; host in the LDAP_provider inventory group, port 636.
; NOTE(review): presumably that host's IPsec tunnel address - confirm.
connect = {{ ipsec[ hostvars[groups.LDAP_provider[0]].inventory_hostname_short ] }}:636
; Host name the peer certificate must match; stated explicitly because the
; connect target above is not this name.
checkHost = ldap.fripost.org
; Certificate(s) accepted for this service. With verifyPeer = yes in the
; service defaults this file is the trust anchor for the pinned peer
; certificate, so it should be writable by root only.
CAfile = /etc/stunnel/certs/ldap.pem
; vim:ft=dosini