Stunnel Alternatives

By Chad Anderson

Stunnel provides Secure Sockets Layer (SSL) support for remote connections without having to modify any daemon code. The software works as an encryption wrapper for use with protocols such as Simple Mail Transfer Protocol (SMTP). Stunnel is released under the GNU General Public License and uses the OpenSSL libraries, meaning Stunnel is a free, open source application.

Secure Shell Local Port Forwarding

While typically used to poke holes in restrictive firewalls or to secure temporary connections, Secure Shell (SSH) Local Port Forwarding, or tunneling, can be used to wrap common connections. You have to establish a tunnel to the remote machine and then access the local service through the tunnel, making the whole process look nearly identical to stunnel's setup. For long-term connections, tunneling may prove unreliable since the tunnel would need to remain permanently open.
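The tunnel-then-connect procedure described above, with the long-lived reliability concern handled by keepalives and a restart loop. This is an added example, not from the original article; the host, account and ports are placeholders, and `SSH_BIN` is a hypothetical override used for dry runs.

```shell
#!/bin/sh
# Added example: supervised SSH local port forward.
# All values below are placeholders, not taken from the article.
SSH_BIN="${SSH_BIN:-ssh}"                       # override for a dry run
LOCAL_PORT="${LOCAL_PORT:-2525}"                # local end of the tunnel
SERVICE_PORT="${SERVICE_PORT:-25}"              # service port on the SSH server
REMOTE_USER="${REMOTE_USER:-tunnel}"            # unprivileged account
REMOTE_HOST="${REMOTE_HOST:-mail.example.com}"  # SSH server

# Open one tunnel. Blocks until the connection drops.
run_tunnel() {
    # -N: no remote command, forwarding only.
    # ExitOnForwardFailure: fail instead of running without the forward.
    # ServerAlive*: detect a dead peer after about 90 seconds of silence.
    # The listener binds to loopback so other hosts cannot use the tunnel.
    "$SSH_BIN" -N \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 \
        -o ServerAliveCountMax=3 \
        -L "127.0.0.1:${LOCAL_PORT}:127.0.0.1:${SERVICE_PORT}" \
        "${REMOTE_USER}@${REMOTE_HOST}"
}

# Restart the tunnel whenever it exits, with capped exponential backoff.
# $1 = maximum number of attempts (0 or unset = retry forever).
keep_tunnel() {
    max_tries="${1:-0}"
    delay=1
    tries=0
    while :; do
        if run_tunnel; then delay=1; fi   # clean exit: reset the backoff
        tries=$((tries + 1))
        if [ "$max_tries" -gt 0 ] && [ "$tries" -ge "$max_tries" ]; then
            return 1
        fi
        sleep "$delay"
        if [ "$delay" -lt 60 ]; then delay=$((delay * 2)); fi
    done
}

# Run as "./tunnel.sh start"; clients then connect to 127.0.0.1:$LOCAL_PORT.
if [ "${1:-}" = "start" ]; then
    keep_tunnel
fi
```

Use key-based authentication for the tunnel account so the restart loop never waits on a password prompt.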

Virtual Private Networks

A Virtual Private Network (VPN) works similarly to an SSH tunnel, creating an encrypted connection that you can use to access local services securely. While a VPN may seem like a practical solution, it shares the SSH tunnel's problem: the connection has to be maintained for long periods of time instead of a single session. Additionally, a typical VPN requires each client to set up software on their machine to establish a connection. While you can overcome that with a Web-based SSL VPN, it's not always a perfect solution compared to stunnel.

Recompiling Daemons With SSL Support

Stunnel is mainly used as a way to implement SSL with daemons that do not already support it. Many daemon services have had modules written or new compile options added to provide SSL support. It may be easier to rebuild your current installation with SSL support than to attempt another workaround.

Another Tunneling Application

The SSLeay libraries, used to create stunnel, have been implemented in a number of other applications. While not all of the other applications are universal wrappers like stunnel, some alternatives might work for your application. SSLWrap is another option for tunneling any TCP service over SSL. Also, since stunnel is not a community project, a branch called stunnel-p has emerged that is slightly different from the main project. The OpenSSL page has a list of service-specific SSL wrappers that may serve your needs for a particular SSL service instead of a universal option (see Resources).