[stunnel-users] Does stunnel support startTLS?

Markus Borst M.Borst at hrz.tu-darmstadt.de
Wed Apr 27 13:09:55 CEST 2011

Stunnel supports encryption in the "old" ssl style extra port 
configuration (i.e. imaps on port 993) where the encryption is 
negotiated immediately upon start of the connection.

Does stunnel also support the startTLS method? i.e. a clear text 
connection is established (imap on port 143) and one of the first imap 
commands is startTLS, which negotiates the encryption and protects the 
connection from that time onwards. I know that supporting startTLS is a 
lot harder, since it means sniffing commands in the higher level 
protocol, but we need it nevertheless. (In fact, our imap server does 
support startTLS, but it does _not_ support importing an external 
certificate, which is why I'm looking for an external solution.)

 From reading the documentation I'm not sure whether stunnel supports 
startTLS, there are a few option descriptions which might point to 
startTLS, but I'm not sure. Anybody knows the definite answer?

Markus Borst

TU Darmstadt
Hochschulrechenzentrum (HRZ)
Markus Borst
Adresse: 	Petersenstrasse 30, 64287 Darmstadt, Germany
Tel.: 	06151/16-2056
Email: 	M.Borst at hrz.tu-darmstadt.de

More information about the stunnel-users mailing list