Saturday, December 15, 2007

Stunnel.org

Stunnel is a program, available on both Unix and Windows, that allows you to encrypt arbitrary TCP connections inside SSL (Secure Sockets Layer). Stunnel can secure non-SSL-aware daemons and protocols (like POP, IMAP, LDAP, etc.) by providing the encryption itself, requiring no changes to the daemon's code.
The Stunnel source code is not a complete product -- you still require a functioning SSL library such as OpenSSL or SSLeay in order to compile stunnel. This means that stunnel can support whatever your SSL library supports (and only that), without any changes to the Stunnel code.


Stunnel Examples
You will find many different examples of running Stunnel in this section. These are provided by various folks for inclusion either directly or via posts to the stunnel mailing list.
This website makes these documents available for use by the Internet community. However, it does not endorse any of the methods contained herein. They could work perfectly, or be totally useless. We don't know. Contact the authors if you have any questions. Use at your own risk.
Using Stunnel on both client and server when neither speaks SSL.
Using Stunnel to provide SSL support for an IMAP server.
Using Stunnel to encrypt rsync traffic between two hosts.
Generic examples of running programs (imapd, etc.) on a Stunnel daemon.
How Stunnel generates TCP wrapper service names.
Some notes about using client side certificates.
Creating a cert with multiple names
How to run your stunnel daemon in a chrooted environment
Making a VPN with PPP over Stunnel
Specific application setups
Protecting syslogs with syslog-ng
Forwarding Windows Events via stunnel to a UNIX/Linux syslogd (Windows side is a commercial application.)
Mail-related setup for arda.homeunix.net: Good details of a setup for imap/pop/smtp that would work for many sites.
Encrypting MySQL connections
Using Stunnel to serve SSLified telnet to Kermit clients (local copy) Submitted by Kirk Turner-Rustin
Using Stunnel to protect VNC.
Setting up SSL in Eudora 5.1.
Creating a client SSL cert for Outlook
Setting up SSL for vpopmail with DJB's tcpserver
Using Stunnel to protect CVS
(failing to) use Stunnel with Oracle
Using Stunnel to provide an HTTPS client. Includes specific instructions to let you set up secure BLOGging.
Using Stunnel and FTP -- not recommended, since you can't protect both data and command channel. See the FTP entry in the FAQ.
Dumping your SSL-Enabled LDAP directory to an XML File
Stunneling Citrix
Stunneling MS Terminal Services
"Secure/anonymous" news access with Stunnel and AntiFirewall (proprietary Windows product)
HTTPS-enabling your Webservices with Stunnel. Very good OpenSSL, Certificate, and Stunnel info.
Using Stunnel with Qmail
SMB/CIFS with Stunnel
SMB patches and installation notes from the maintainer
Step-by-step installation
Various Samba/SMB/CIFS notes
Unsorted
Wrapping Qmail's pop3d
Creating a CA on Microsoft Windows