stunnel: Features

Portability (Threading Models)

  • PTHREAD (POSIX)
  • FORK (traditional Unix)
  • UCONTEXT (user-level)
  • WIN32

Performance and Scalability

  • Load sharing among multiple backend servers
  • External session cache (for clusters)
  • Compression (for limited bandwidth)

Support for OpenSSL Security Features

  • Access control with TLS-PSK (pre-shared key) and certificates
  • CRL and OCSP certificate revocation
  • SNI (Server Name Indication) support for name-based virtual servers
  • PFS (Perfect Forward Secrecy) with DH and ECDH key agreement
  • FIPS mode (for compliance)
  • OpenSSL engines, including CAPI (Microsoft CryptoAPI)

Other Cross-platform Features

  • Remote (socket) and local (inetd-style) mode
  • Load balancing remote targets with round-robin and priority strategies
  • Redirection of TLS client connections on authentication failures
  • IPv6 support
  • Application-level protocol support for:
    • cifs
    • connect
    • imap
    • nntp
    • pgsql
    • pop3
    • proxy
    • smtp
    • socks versions 4, 4a, and 5
  • Delayed resolver (for dial-up connections and dynamic remote IP)
  • Graceful configuration file reloading
  • Graceful log file reopening
  • UTF-8 configuration and log files
  • Ident access control

Unix Features

  • Unix socket support
  • Socket activation with systemd
  • Transparent proxy on selected platforms
  • Optional pseudo-terminal allocation for the local mode
  • Logging to syslog
  • chroot (additional security)
  • setuid/setgid (additional security)
  • Libwrap (TCP Wrappers) access control
  • EGD (Entropy Gathering Daemon) client

Windows Features

  • GUI
  • Saving cached peer certificate chains to files
  • Windows service mode
