The stunnel program is designed to work as an SSL encryption wrapper between a remote client and a local (inetd-startable) or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes to the programs' code. It negotiates an SSL connection using the OpenSSL or SSLeay libraries. Because it calls the underlying crypto libraries, stunnel supports whatever cryptographic algorithms you compiled into your crypto package.

| Tags | Security, Cryptography, Internet, Proxy Servers, Networking |
|---|---|
| Licenses | GPL |
| Operating Systems | Unix, Windows, Windows CE, Mac OS X |
| Implementation | C |

Recent releases


Changes: Win32 DLLs were provided for OpenSSL 0.9.8k. FIPS support was updated for openssl-fips 1.2. A new priority failover strategy was implemented for multiple "connect" targets. pgsql protocol negotiation was added.


Changes: Win32 DLLs have been updated to OpenSSL 0.9.8i. /etc/hosts.allow and /etc/hosts.deny no longer need to be copied to the chrooted directory, as the libwrap processes are no longer chrooted. A more informative error message is logged when an invalid port number is specified in the stunnel.conf file. Support for Microsoft Visual C++ 9.0 Express Edition was added. All libwrap processes are killed at stunnel shutdown. A minor bug in the stunnel.init sample SysV startup file was fixed.


Changes: A security issue in the OCSP functionality has been fixed. This bug allowed a revoked certificate to successfully authenticate. Any installations with OCSP enabled should be upgraded as soon as possible. Other users are not affected.


Changes: Two new options were added to directly control syslog logging and the thread stack size. Problems with setuid and setgid in a chroot environment were fixed, as well as libwrap problems on heavily loaded systems. The license was updated and clarified.


Changes: Initial FIPS 140-2 support was added. Support for the non-MT-safe libwrap (TCP Wrappers) library was rewritten; it is now based on pre-forked processes and should be much faster. Some bugfixes were also added.