Stunnel is one of those very, very useful tools: for providing services, for accessing SSL'd services (when you don't have an SSL-capable client) and for debugging SSL services. Overall it's just useful.
See also: OpenSsl
Useful Commands
- Connect to a remote SSL service for debugging:
    # stunnel -c -r maus.spack.org:pop3s
    +OK POP3 maus.spack.org v2001.78 server ready
    user adam
    +OK User name accepted, password please
    pass secret
    +OK Mailbox open, 0 messages
    list
    +OK Mailbox scan listing follows
    .
    quit
    +OK Sayonara
- Set up an stunnel daemon on your local box which will forward your non-SSL clients' traffic to a remote SSL service (basically like an SSH tunnel):

    # stunnel -c -d localhost:pop3 -r maus.spack.org:pop3s
    # telnet localhost pop3
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    +OK POP3 maus.spack.org v2001.78 server ready
    quit
    +OK Sayonara
    Connection closed by foreign host.
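
The commands above use the stunnel 3.x command-line syntax; stunnel 4 and later read a configuration file instead. As an added example (not from the original page), here is the same local POP3-to-POP3S forwarder as a stunnel 5.x configuration with server certificate verification turned on, since a client-mode stunnel does not check the server certificate unless told to. The section name and the CA bundle path are assumptions; adjust them for your system.

```ini
; stunnel.conf for stunnel 5.x (added example)
; Comments go on their own lines, starting with ';'.

; Stay in the foreground while testing.
foreground = yes

; Section name is arbitrary (assumption).
[pop3s-client]

; Same role as -c: stunnel is the SSL/TLS client.
client = yes

; Same role as -d localhost:pop3: listen locally for plaintext clients.
accept = 127.0.0.1:110

; Same role as -r maus.spack.org:pop3s: the remote SSL service.
connect = maus.spack.org:995

; Without the three options below the tunnel is encrypted but the server
; is not authenticated, so a certificate from anyone would be accepted.
verifyChain = yes

; CA bundle path is an assumption (Debian-style location).
CAfile = /etc/ssl/certs/ca-certificates.crt

; Require the certificate to match the host we meant to reach.
checkHost = maus.spack.org
```

Run it with `stunnel stunnel.conf`, then point the non-SSL client at localhost port 110 as before.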
Notes:
The only real problem I've had with stunnel is under Windows where it is much slower than under Linux (I tested it tunneling CVS traffic to an SSL wrapped CVS server running under Linux). Dual booting my laptop between Linux and Windows 2000 there was close to an order of magnitude (10x) speed difference. Upgrading to the latest Windows stunnel client (and SSL libraries) about doubled the performance so it went from god awful to just bad.