# ssl configuration file.
# /etc/l7vs/sslproxy/sslproxy.target.cf

[ssl]
# Global configuration.
timeout_sec = 

# SSL configuration.
ca_dir = "/etc/l7vs/sslproxy/"
ca_file = "root.pem"
cert_chain_dir = "/etc/l7vs/sslproxy/"
cert_chain_file = "server.pem"
private_key_dir = "/etc/l7vs/sslproxy/"
private_key_file = "server.pem"
private_key_filetype = "SSL_FILETYPE_PEM"
#private_key_filetype = "SSL_FILETYPE_ASN1"
private_key_passwd_dir = "/etc/l7vs/sslproxy/"
private_key_passwd_file = "passwd.txt"
verify_options = "SSL_VERIFY_NONE"
#verify_options = "SSL_VERIFY_PEER"
#verify_options = "SSL_VERIFY_FAIL_IF_NO_PEER_CERT"
#verify_options = "SSL_VERIFY_CLIENT_ONCE"
verify_cert_depth = 9
#ssl_options = "SSL_OP_MICROSOFT_SESS_ID_BUG"
#ssl_options = "SSL_OP_NETSCAPE_CHALLENGE_BUG"
#ssl_options = "SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG"
#ssl_options = "SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG"
#ssl_options = "SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER"
#ssl_options = "SSL_OP_MSIE_SSLV2_RSA_PADDING"
#ssl_options = "SSL_OP_SSLEAY_080_CLIENT_DH_BUG"
#ssl_options = "SSL_OP_TLS_D5_BUG"
#ssl_options = "SSL_OP_TLS_BLOCK_PADDING_BUG"
#ssl_options = "SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS"
ssl_options = "SSL_OP_ALL"
#ssl_options = "SSL_OP_NO_QUERY_MTU"
#ssl_options = "SSL_OP_COOKIE_EXCHANGE"
#ssl_options = "SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION"
#ssl_options = "SSL_OP_SINGLE_ECDH_USE"
#ssl_options = "SSL_OP_SINGLE_DH_USE"
#ssl_options = "SSL_OP_EPHEMERAL_RSA"
#ssl_options = "SSL_OP_CIPHER_SERVER_PREFERENCE"
#ssl_options = "SSL_OP_TLS_ROLLBACK_BUG"
ssl_options = "SSL_OP_NO_SSLv2"
#ssl_options = "SSL_OP_NO_SSLv3"
#ssl_options = "SSL_OP_NO_TLSv1"
#ssl_options = "SSL_OP_PKCS1_CHECK_1"
#ssl_options = "SSL_OP_PKCS1_CHECK_2"
#ssl_options = "SSL_OP_NETSCAPE_CA_DN_BUG"
#ssl_options = "SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG"
#tmp_dh_dir = "/etc/l7vs/sslproxy/"
#tmp_dh_file = "dh512.pem"
cipher_list = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"

# SSL session cache configuration.
session_cache = "on"
session_cache_size = 20480
session_cache_timeout = 300