stunnel/Dockerfile

# ============================================================
# Dockerfile — WWTP Extreme Switch TLS 1.0 Proxy
#
# Uses Debian Bullseye (OpenSSL 1.1.1) instead of Alpine 3.18
# (OpenSSL 3.x) because OpenSSL 1.1.1 supports TLS 1.0 natively
# without requiring legacy provider hacks.
# ============================================================
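# NOTE(review): the tag is mutable. For reproducible builds pin it by digest,
# e.g. debian:bullseye-slim@sha256:<digest-of-the-image-you-validated>.
# Bullseye is kept only for OpenSSL 1.1.1, so rebuild regularly to pick up
# whatever security updates Debian still publishes for it.
FROM debian:bullseye-slim

# Install stunnel — Debian Bullseye ships OpenSSL 1.1.1 which
# supports TLS 1.0 out of the box. No legacy provider needed.
RUN apt-get update && \
    apt-get install -y --no-install-recommends stunnel4 && \
    rm -rf /var/lib/apt/lists/*

# Lower the OpenSSL minimum protocol to TLS 1.0 and the security level to 1.
# Bullseye's defaults are TLSv1.2 / SECLEVEL=2 — we override them here.
#
# sed exits 0 even when nothing matched, so the grep checks fail the build if
# a base-image update changes openssl.cnf and the override no longer applies.
#
# NOTE(review): this edit changes the defaults for every OpenSSL consumer in
# the container, not only the connections to the switches. stunnel.conf is not
# visible here; confirm that any side of the proxy that does not need TLS 1.0
# is held to a modern floor per service (stunnel's sslVersionMin / ciphers
# options), and that the published ports are reachable only from the
# management network.
RUN sed -i \
        -e 's/MinProtocol = TLSv1\.2/MinProtocol = TLSv1/' \
        -e 's/CipherString = DEFAULT@SECLEVEL=2/CipherString = DEFAULT@SECLEVEL=1/' \
        /etc/ssl/openssl.cnf && \
    grep -Eq '^MinProtocol = TLSv1[[:space:]]*$' /etc/ssl/openssl.cnf && \
    grep -Eq '^CipherString = DEFAULT@SECLEVEL=1[[:space:]]*$' /etc/ssl/openssl.cnf

# Copy stunnel config into image
# NOTE(review): keep private keys out of the image; mount certificates and
# keys at run time instead of COPYing them next to this config.
COPY stunnel.conf /etc/stunnel/stunnel.conf

# Expose all 20 switch proxy ports (4500-4519)
EXPOSE 4500 4501 4502 4503 4504 4505 4506 4507 4508 4509 \
       4510 4511 4512 4513 4514 4515 4516 4517 4518 4519

# NOTE(review): there is no USER instruction, so stunnel starts as root. All
# listener ports are above 1024, so root is not needed to bind them. Either
# add a USER line or drop privileges in stunnel.conf (setuid / setgid), after
# checking that the pid file and key paths stay accessible.
#
# stunnel4 on Debian uses a wrapper script — call it directly
# Assumes stunnel.conf sets "foreground = yes" so the process stays attached
# as PID 1 — TODO confirm against the config.
CMD ["stunnel4", "/etc/stunnel/stunnel.conf"]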