A proxy designed to add TLS encryption to existing clients and servers

Stunnel

  -  3.35 MB  -  Open Source
  • Latest Version

    Stunnel 5.73 LATEST

  • Review by

    Daniel Leblanc

  • Operating System

    Windows 7 64 / Windows 8 64 / Windows 10 64

  • Author / Product

    Michał Trojnara

  • Filename

    stunnel-5.73-win64-installer.exe

  • MD5 Checksum

    41546033144c8db5b23e33ddbe415a79

Stunnel is a proxy management and network encryption utility that enables users to establish safe and secure encrypted connections on PCs that are not equipped to handle TLS and SSL standards natively.

Built as an open-source application under the direct development of its creator Michał Trojnara, Stunnel very rapidly became one of the first solutions for networking and security professionals who want to add TLS encryption functionality to their network nodes (both servers and clients) without changing the code of the communication and data sharing programs.

To provide the highest possible security, Stunnel relies heavily on tried and tested public-key cryptography with X.509 digital certificates to create an impenetrable SSL connection. The security is handled via advanced OpenSSL libraries and user-selected cryptographic algorithms, a FIPS 140-2 validation, and much more.

Originally released to the public in December of 1998, this application went through several large upgrades that enabled it to be suitable for use both by home users and large companies. The adoption of new security, portability, and scalability features enabled all of its users to take direct control over network security.

After more than 16 years on the market, Michał Trojnara released another more feature-rich online security app Ghostunnel – which was marketed as a successor to Stunnel.

It can be downloaded and used for FREE by both home users and businesses. The app is optimized for all modern versions of Windows OS and can also be found on a wide variety of other operating systems and device platforms.

Features and Highlights
  • PTHREAD (Posix)
  • FORK (traditional Unix)
  • UCONTEXT (userlevel)
  • Load sharing among multiple backend servers
  • External session cache (for clusters)
  • Compression (for limited bandwidth)
  • Certificate-based access control
  • CRL and OCSP certificate revocation
  • SNI (Server Name Indication) support for name-based virtual servers
  • PFS (Perfect Forward Secrecy) with DH and ECDH key agreement
  • FIPS mode (for compliance)
  • Configuration of hardware engines
  • Local mode (running services designed for inetd) with an optional pseudo-terminal allocation
  • chroot (additional security)
  • setuid/setgid (additional security)
  • Logging to syslog
  • Libwrap (TCP Wrappers) access control
  • Transparent proxy on selected platforms
  • EGD (Entropy Gathering Daemon) client
  • Unix socket support
  • GUI
  • Saving cached peer certificate chains to files
  • Windows service mode
  • IPv6 support
  • Protocol negotiation for cifs, connect, imap, nntp, pgsql, pop3, proxy, and smtp
  • Delayed resolver (for dialup connections and remote hosts with dynamic IP addresses)
  • Graceful configuration file reloading
  • Graceful log file reopening
  • Ident access control

What's new in this version:

Security fixes:
- OpenSSL DLLs updated to version 3.3.2
- OpenSSL FIPS Provider updated to version 3.0.9

Fixed:
- Fixed a memory leak while reloading stunnel.conf sections with "client=yes" and "delay=no"
- Fixed TIMEOUTocsp with values greater than 4
- Fix the IPv6 test on a non-IPv6 machine

Features:
- HELO replaced with EHLO in the post-STARTTLS SMTP protocol negotiation (thx to Peter Pentchev)
- OCSP stapling fetches moved away from server threads
- Improved client-side session resumption
- Added support for the mimalloc allocator
- Check for protocolHost moved to configuration file processing for the client-side CONNECT protocol
- Clarified some confusing OpenSSL's certificate verification error messages
- stunnel.nsi updated for Debian 13 and Fedora
- Improved NetBSD compatibility