Additional Information

A proxy designed to add TLS encryption to existing clients and servers

Latest Version Stunnel 5.74
Requirements

Windows 7 64/Windows 8 64/Windows 10 64

Updated December 15, 2024
Author Michal Trojnara
Category File Transfer and Networking
License Open Source
Language English
Download 274

Overview

Stunnel is a proxy management and network encryption utility that enables users to establish safe and secure encrypted connections on PCs that are not equipped to handle TSL and SSL standards natively.

Built as an open-source application under direct development of its creator Michał Trojnara, Stunnel has managed very rapidly to become one of the first solutions for networking and security professionals who want to add TLS encryption functionality to their network nodes (both servers and clients) without actively changing the code of the communication and data sharing programs.

To provide as high security as it is possible, Stunnel relies heavily on tried and tested public-key cryptography with X.509 digital certificates to create an impenetrable SSL connection. The security is handled via advanced OpenSSL libraries and user-selected cryptographic algorithms, a FIPS 140-2 validation, and much more.

Originally released to the public in December of 1998, this application went through several large upgrades that enabled it to be suitable for use both by home users and large companies. The adoption of new security, portability, and scalability features enabled all of its users to take direct control over network security.

After more than 16 years on the market, Michał Trojnara released another more feature-rich online security app Ghostunnel – which was marketed as a successor to Stunnel.

It can be downloaded and used for FREE by both home users and businesses. The app is optimized for all modern versions of Windows OS and can be also found on a wide variety of other OS and device platforms.

Features and Highlights
  • PTHREAD (Posix)
  • FORK (traditional Unix)
  • UCONTEXT (userlevel)
  • Load sharing among multiple backend servers
  • External session cache (for clusters)
  • Compression (for limited bandwidth)
  • Certificate-based access control
  • CRL and OCSP certificate revocation
  • SNI (Server Name Indication) support for name-based virtual servers
  • PFS (Perfect Forward Secrecy) with DH and ECDH key agreement
  • FIPS mode (for compliance)
  • Configuration of hardware engines
  • Local mode (running services designed for inetd) with an optional pseudo-terminal allocation
  • chroot (additional security)
  • setuid/setgid (additional security)
  • Logging to syslog
  • Libwrap (TCP Wrappers) access control
  • Transparent proxy on selected platforms
  • EGD (Entropy Gathering Daemon) client
  • Unix socket support
  • GUI
  • Saving cached peer certificate chains to files
  • Windows service mode
  • IPv6 support
  • Protocol negotiation for cifs, connect, imap, nntp, pgsql, pop3, proxy, and smtp
  • Delayed resolver (for dialup connections and remote hosts with dynamic IP addresses)
  • Graceful configuration file reloading
  • Graceful log file reopening
  • Ident access control



Previous versions More »

5.74 December 15, 2024 3.34 MB 5.73 September 11, 2024 3.35 MB 5.72 February 06, 2024 3.9 MB 5.71 September 21, 2023 3.89 MB 5.70 July 14, 2023 3.81 MB 5.69 June 25, 2023 3.8 MB