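# ============================================================
# Dockerfile — WWTP Extreme Switch TLS 1.0 Proxy
#
# Uses Debian Bullseye (OpenSSL 1.1.1) instead of Alpine 3.18
# (OpenSSL 3.x) because OpenSSL 1.1.1 supports TLS 1.0 natively
# without requiring legacy provider hacks.
#
# Security posture: the openssl.cnf edit below lowers the
# protocol floor and security level for every OpenSSL consumer
# in this container, not just stunnel. Keep the image
# single-purpose and reachable only from the management network
# that needs the legacy switches.
# ============================================================

# NOTE(review): the tag is mutable; for reproducible builds pin by digest,
# e.g. debian:bullseye-slim@sha256:<DIGEST_PLACEHOLDER>.
FROM debian:bullseye-slim

# Install stunnel — Debian Bullseye ships OpenSSL 1.1.1 which
# supports TLS 1.0 out of the box. No legacy provider needed.
# update + install + list cleanup stay in one layer so the apt
# index is never stale and never shipped in the image.
RUN apt-get update && \
    apt-get install -y --no-install-recommends stunnel4 && \
    rm -rf /var/lib/apt/lists/*

# Lower the OpenSSL minimum protocol to TLS 1.0.
# Bullseye's default is TLSv1.2 / SECLEVEL=2 — we override it here.
# SECLEVEL=1 also admits weaker keys and signature algorithms than
# the Debian default, which legacy TLS 1.0 peers typically require.
# The grep checks fail the build if either substitution did not
# take effect (for example after a base-image change), instead of
# shipping an image that silently keeps the old settings.
# NOTE(review): if stunnel.conf can express the same floor per service
# (sslVersionMin / ciphers), prefer that over this image-wide change — confirm.
RUN sed -i \
        -e 's/MinProtocol = TLSv1\.2/MinProtocol = TLSv1/' \
        -e 's/CipherString = DEFAULT@SECLEVEL=2/CipherString = DEFAULT@SECLEVEL=1/' \
        /etc/ssl/openssl.cnf && \
    grep -Eq '^[[:space:]]*MinProtocol = TLSv1[[:space:]]*$' /etc/ssl/openssl.cnf && \
    grep -Eq '^[[:space:]]*CipherString = DEFAULT@SECLEVEL=1[[:space:]]*$' /etc/ssl/openssl.cnf

# Copy stunnel config into image.
# NOTE(review): keep private keys out of the image; if stunnel.conf
# references a key file, mount it at runtime — confirm against stunnel.conf.
COPY stunnel.conf /etc/stunnel/stunnel.conf

# Expose all 20 switch proxy ports (4500-4519).
# EXPOSE is documentation only; publish just the ports that are in use.
EXPOSE 4500 4501 4502 4503 4504 4505 4506 4507 4508 4509 \
       4510 4511 4512 4513 4514 4515 4516 4517 4518 4519

# NOTE(review): no USER is set, so stunnel starts as root unless
# stunnel.conf drops privileges (setuid/setgid) — confirm. Ports
# 4500-4519 are unprivileged, so root is not needed for binding.

# stunnel4 on Debian uses a wrapper script — call it directly.
# Exec form: no shell in between, so stunnel receives signals itself.
# NOTE(review): assumes stunnel.conf sets "foreground = yes" so the
# process stays attached as the container's main process — confirm.
CMD ["stunnel4", "/etc/stunnel/stunnel.conf"]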