stunnel: Features

Portability (Threading Models)

  • PTHREAD (POSIX)
  • FORK (traditional Unix)
  • UCONTEXT (user-level)
  • WIN32

Performance and Scalability

  • Load sharing among multiple backend servers
  • External session cache (for clusters)
  • Compression (for limited bandwidth)

Support for OpenSSL Security Features

  • Certificate-based access control
  • CRL and OCSP certificate revocation
  • SNI (Server Name Indication) support for name-based virtual servers
  • PFS (Perfect Forward Secrecy) with DH and ECDH key agreement
  • FIPS mode (for compliance)
  • Configuration of hardware engines

Features Specific to Unix Platform

  • Local mode (running services designed for inetd) with optional pseudo-terminal allocation
  • chroot (additional security)
  • setuid/setgid (additional security)
  • Logging to syslog
  • Libwrap (TCP Wrappers) access control
  • Transparent proxy on selected platforms
  • EGD (Entropy Gathering Daemon) client
  • Unix socket support

Features Specific to Windows Platform

  • GUI
  • Saving cached peer certificate chains to files
  • Windows service mode

Other Features

  • Redirection of SSL client connections on authentication failures
  • IPv6 support
  • Protocol negotiation for cifs, connect, imap, nntp, pgsql, pop3, proxy, and smtp
  • Delayed resolver (for dialup connections and remote hosts with dynamic IP addresses)
  • Graceful configuration file reloading
  • Graceful log file reopening
  • Ident access control
