Krishna Yenduri wrote: > Darren J Moffat wrote: >> When stunnel is used to provide a SSL protected system service on a >> well known port, the stunnel command needs to be started by a >> privileged user. It should be started when the system boots, for this >> reason a Solaris specific smf(5) manifest is provided to enable a >> stunnel service. >> >> The svc:/network/stunnel:default service is disabled by default because >> it requires configuration before use. A sample configuration file is >> also provided. >> > > I would recommend changing the FMRI to > svc:/network/ssl/stunnel:default > since kernel SSL (KSSL) added network/ssl. > > BTW, stunnel is a nice complement to kernel SSL because it can do client > side SSL. kernel SSL gives better performance on the server side > where performance is more important.
I agree with Krishna's suggestion on the FMRI, I did go looking for it but forgot that there are no kssl instances by default so it didn't show up in "svcs -a | grep ssl". -- Darren J Moffat
