mschmitt/stunnel.conf

## stunnel.conf
pid=/var/run/stunnel-8443-ssh.pid
sslVersion=TLSv1

# decoy web service mail.example.com
[8443-ssh]
cert=/etc/tls/signed-cert.20141107.pem
key=/etc/tls/key.20130329.pem
accept=:::8443
connect=::1:80

# proxied ssh service on SAN securemail.example.com
[proxied-ssh]
cert=/etc/tls/signed-cert.20141107.pem
key=/etc/tls/key.20130329.pem
CAfile=/etc/tls/martinschmitt_20171005.crt
verifyPeer=yes
sni=8443-ssh:securemail.example.com
connect=::1:22
	pid=/var/run/stunnel-8443-ssh.pid
	sslVersion=TLSv1

	# decoy web service mail.example.com
	[8443-ssh]
	cert=/etc/tls/signed-cert.20141107.pem
	key=/etc/tls/key.20130329.pem
	accept=:::8443
	connect=::1:80

	# proxied ssh service on SAN securemail.example.com
	[proxied-ssh]
	cert=/etc/tls/signed-cert.20141107.pem
	key=/etc/tls/key.20130329.pem
	CAfile=/etc/tls/martinschmitt_20171005.crt
	verifyPeer=yes
	sni=8443-ssh:securemail.example.com
	connect=::1:22