The stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote servers.
It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs’ code. It will negotiate an SSL connection using the OpenSSL or SSLeay libraries.
Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs’ code. Its architecture is optimized for security, portability, and scalability (including load-balancing), making it suitable for large deployments.
The stunnel can be used to provide secure encrypted connections for clients or servers that do not speak TLS or SSL natively. It runs on a variety of operating systems,including most Unix-like operating systems and Windows.
Other Cross-platform Features
- Remote (socket) and local (inetd-style) mode
- Redirection of TLS client connections on authentication failures
- IPv6 support
- Application-level protocol support for:
- socks versions 4, 4a, and 5
- Delayed resolver (for dial-up connections and dynamic remote IP)
- Graceful configuration file reloading
- Graceful log file reopening
- UTF-8 configuration and log files
- Ident access control