sslVersion	=	TLSv1.2
TIMEOUTidle	=	60
	options	=	NO_SSLv2
	options	=	NO_SSLv3
	options	=	SINGLE_DH_USE
	options	=	SINGLE_ECDH_USE
	options	=	CIPHER_SERVER_PREFERENCE
	curve	=	secp521r1 ; --curve unsupported for www; use: secp384r1
	cert	=	/path/to/your/private_key.pem
	FIPS	=	no
	debug	=	7
	syslog	=	yes
	chroot	=	/home/tarjail
	setuid	=	nobody
	setgid	=	nobody
	CAfile	=	/path/to/client/cert.pem
	verify	=	3

;best ciphers https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
ciphers=ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS

;*Server receiver:
	exec	=	/sbin/tar
execargs	=	/sbin/tar x -p -f - -C /files
; Client send:
; tar cf - files... | openssl s_client -connect host.com:5000 -quiet

;*Server sender:
;	exec	=	/sbin/tar
;execargs	=	/sbin/tar c -f - -C /files .
; Client receive:
; openssl s_client -connect host.com:5001 -quiet | tar tvf -

;*SELINUX allow tar execution:
;chcon -v --type=inetd_child_exec_t tar

;*DO NOT USE tar COMPRESSION OPTIONS*