This article has multiple issues. Please helpimprove it or discuss these issues on thetalk page.(Learn how and when to remove these messages) This articlerelies excessively onreferences toprimary sources. Please improve this article by addingsecondary or tertiary sources. Find sources: "Stunnel" – news ·newspapers ·books ·scholar ·JSTOR(January 2024) (Learn how and when to remove this message) This articleneeds additional citations forverification. Please helpimprove this article byadding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "Stunnel" – news ·newspapers ·books ·scholar ·JSTOR(January 2024) (Learn how and when to remove this message) (Learn how and when to remove this message)

stunnel
Developer	Michał Trojnara
Initial release	11 February 1998; 28 years ago (1998-02-11)[1]
Stable release	5.74[2]  / 13 December 2024; 14 months ago (13 December 2024)
Written in	C[3]
Operating system	Multi-platform
Type	Proxy,Encryption
License	GNU General Public License
Website	www.stunnel.org
Repository	www.stunnel.org/downloads.html

Stunnel is anopen-source multi-platformapplication used to provide a universalTLS/SSLtunneling service.

Stunnel is used to provide secure encrypted connections for clients or servers that do not speak TLS or SSL natively.^[4] It runs on a variety of operating systems,^[5] including mostUnix-like operating systems andWindows. Stunnel relies on theOpenSSLlibrary to implement the underlying TLS or SSL protocol.

Stunnel usespublic-key cryptography withX.509digital certificates to secure the SSL connection, and clients can optionally be authenticated via a certificate.^[6]

Iflinked againstlibwrap, it can be configured to act as aproxy–firewall service as well.^{[citation needed]}

Stunnel is maintained by Polish programmer Michał Trojnara and released under the terms of theGNU General Public License (GPL) withOpenSSL exception.^[7]

A stunnel can be used to provide a secureSSL connection to an existing non-SSL-awareSMTP mail server. Assuming the SMTP server expects TCP connections onport 25, the stunnel would be configured to map the SSL port 465 to non-SSL port 25. A mail client connects via SSL to port 465. Network traffic from the client initially passes over SSL to the stunnel application, which transparently encrypts and decrypts traffic and forwards unsecured traffic to port 25 locally. The mail server sees a non-SSL mail client.^{[citation needed]}

The stunnel process could be running on the same or a different server from the unsecured mail application; however, both machines would typically be behind a firewall on a secureinternal network (so that an intruder could not make its own unsecured connection directly to port 25).^{[citation needed]}

• Tunneling protocol

• Official website

• Cryptographic software
• Free security software
• Unix network-related software
• Transport Layer Security implementation
• Tunneling protocols
• Network protocols

• Articles lacking reliable references from January 2024
• All articles lacking reliable references
• Articles needing additional references from January 2024
• All articles needing additional references
• Articles with multiple maintenance issues
• Articles with short description
• Short description matches Wikidata
• Use dmy dates from July 2019
• All articles with unsourced statements
• Articles with unsourced statements from October 2023
• Articles with unsourced statements from October 2019