Additional Information

A proxy designed to add TLS encryption to existing clients and servers

Latest Version Stunnel 5.73
Requirements

Mac OS X 10.6 or later

Updated September 11, 2024
Author Michal Trojnara
Category File Transfer and Networking
License Open Source
Language English
Download 267

Overview

Stunnel for Mac is proxy management and network encryption utility that enables users to establish safe and secure encrypted connections on Mac that are not equipped to handle TSL and SSL standards natively.

Built as an open-source application under direct development of its creator Michał Trojnara, Stunnel for macOS has managed very rapidly to become one of the first solutions for networking and security professionals who want to add TLS encryption functionality to their network nodes (both servers and clients) without actively changing the code of the communication and data sharing programs.

To provide as high security as it is possible, Stunnel relies heavily on tried and tested public-key cryptography with X.509 digital certificates to create an impenetrable SSL connection. The security is handled via advanced OpenSSL libraries and user-selected cryptographic algorithms, a FIPS 140-2 validation, and much more.

Originally released to the public in December of 1998, this application went through several large upgrades that enabled it to be suitable for use both by home users and large companies. The adoption of new security, portability, and scalability features enabled all of its users to take direct control over network security.

After more than 16 years on the market, Michał Trojnara released another more feature-rich online security app Ghostunnel – which was marketed as a successor to Stunnel for Mac.

It can be downloaded and used for FREE by both home users and businesses. The app is optimized for all modern versions of macOS and can be also found on a wide variety of other OS and device platforms.

Features and Highlights
  • PTHREAD (Posix)
  • FORK (traditional Unix)
  • UCONTEXT (userlevel)
  • Load sharing among multiple backend servers
  • External session cache (for clusters)
  • Compression (for limited bandwidth)
  • Certificate-based access control
  • CRL and OCSP certificate revocation
  • SNI (Server Name Indication) support for name-based virtual servers
  • PFS (Perfect Forward Secrecy) with DH and ECDH key agreement
  • FIPS mode (for compliance)
  • Configuration of hardware engines
  • Local mode (running services designed for inetd) with an optional pseudo-terminal allocation
  • chroot (additional security)
  • setuid/setgid (additional security)
  • Logging to syslog
  • Libwrap (TCP Wrappers) access control
  • Transparent proxy on selected platforms
  • EGD (Entropy Gathering Daemon) client
  • Unix socket support
  • GUI
  • Saving cached peer certificate chains to files
  • IPv6 support
  • Protocol negotiation for cifs, connect, imap, nntp, pgsql, pop3, proxy, and smtp
  • Delayed resolver (for dialup connections and remote hosts with dynamic IP addresses)
  • Graceful configuration file reloading
  • Graceful log file reopening
  • Ident access control



Previous versions More »

5.73 September 11, 2024 885.94 KB 5.72 February 06, 2024 879.76 KB 5.71 September 21, 2023 874.65 KB 5.70 July 14, 2023 862.23 KB 5.69 June 25, 2023 859.36 KB 5.68 June 23, 2023 859.36 KB