|Stable release||5.35 (July 18, 2016) [±]|
|License||GNU General Public License|
The stunnel can be used to provide secure encrypted connections for clients or servers that do not speak TLS or SSL natively. It runs on a variety of operating systems, including most Unix-like operating systems and Windows. Stunnel relies on a separate library, such as OpenSSL or SSLeay, to implement the underlying TLS or SSL protocol.
For example, one could use stunnel to provide a secure SSL connection to an existing non-SSL-aware SMTP mail server. Assume the SMTP server expects TCP connections on port 25. One would configure stunnel to map the SSL port 465 to non-SSL port 25. A mail client connects via SSL to port 465. Network traffic from the client initially passes over SSL to the stunnel application, which transparently encrypts/decrypts traffic and forwards unsecured traffic to port 25 locally. The mail server sees a non-SSL mail client.
The stunnel process could be running on the same or a different server from the unsecured mail application; however, both machines would typically be behind a firewall on a secure internal network (so that an intruder could not make its own unsecured connection directly to port 25).
Another typical example is to use it to bypass an overly secure firewall: You're on a LAN with no SSH access to the Web. But the SSL protocol (port 443) can get through. Using stunnel you can encapsulate your SSH connection in SSL.
|This network-related software article is a stub. You can help Wikipedia by expanding it.|