World Library  
Flag as Inappropriate
Email this Article


Article Id: WHEBN0000172552
Reproduction Date:

Title: Stunnel  
Author: World Heritage Encyclopedia
Language: English
Subject: Rsync, Cryptographic software, RSA BSAFE, OpenSSH, LibreSSL
Collection: Cryptographic Software, Free Security Software, Transport Layer Security Implementation, Unix Network-Related Software
Publisher: World Heritage Encyclopedia


Developer(s) Michał Trojnara
Stable release 5.16 (April 19, 2015 (2015-04-19)[1])
Operating system Multi-platform
Type Proxy, Encryption
License GNU General Public License
Website .html/

The stunnel is an open-source multi-platform computer program, used to provide universal TLS/SSL tunneling service.

The stunnel can be used to provide secure encrypted connections for clients or servers that do not speak TLS or SSL natively.[2] It runs on a variety of operating systems,[3] including most Unix-like operating systems and Windows. Stunnel relies on a separate library, such as OpenSSL or SSLeay, to implement the underlying TLS or SSL protocol.

The stunnel uses public-key cryptography with X.509 digital certificates to secure the SSL connection. Clients can optionally be authenticated via a certificate too.[4]

If linked against libwrap, it can be configured to act as a proxy-firewall service as well.

The stunnel is maintained by Michał Trojnara. Released under the terms of the GNU General Public License (GPL) with OpenSSL exception.

Example scenario

For example, one could use stunnel to provide a secure SSL connection to an existing non-SSL-aware SMTP mail server. Assume the SMTP server expects TCP connections on port 25. One would configure stunnel to map the SSL port 465 to non-SSL port 25. A mail client connects via SSL to port 465. Network traffic from the client initially passes over SSL to the stunnel application, which transparently encrypts/decrypts traffic and forwards unsecured traffic to port 25 locally. The mail server sees a non-SSL mail client.

The stunnel process could be running on the same or a different server from the unsecured mail application; however, both machines would typically be behind a firewall on a secure internal network (so that an intruder could not make its own unsecured connection directly to port 25).

Another typical example is to use it to bypass an over secure firewall: You're on a LAN with no SSH access to the Web. But the SSL protocol (port 443) can get through. Using stunnel you can encapsulate your SSH connection in SSL.


  1. ^ "stunnel: ChangeLog". Retrieved 2015-04-22. 
  2. ^ O'Donovan, Barry Secure Communication with Stunnel, Linux Gazette, Issue 107, October 2004
  3. ^ Stunnel Ports
  4. ^ stunnel(8) manual

External links

  • Official website

This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.

Copyright © World Library Foundation. All rights reserved. eBooks from Project Gutenberg are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.