Stunnel allows a user to tunnel any TCP based application protocol through a connection secured by TLS/SSL.

Proxy for Non-SSL Clients

In order to set up stunnel as a proxy for clients that do not support SSL connections you need to specify listening port and the target website:port:

stunnel -c -f -d 8080 -r

Proxy for Non-SSL Servers

Stunnel can provide transport encryption tunneling for servers that do not natively support SSL.

First generate private and public keys and store them in the same file:

openssl req -new -x509 -out server.pem -nodes -keyout server.pem -subj /CN=localhost

Next run stunnel SSL proxy:

stunnel -p server.pem -f -d 443 -r

Encrypted remote shell

An encrypted remote shell can be started using stunnel:

stunnel -p privkey.pem -d 2222 -l /bin/sh

Next we can connect to port 2222 using OpenSSL's s_client and issue shell commands:

$ openssl s_client -connect localhost:2222 -quiet 2> /dev/null
uid=0(root) gid=0(root) groups=0(root)

External Links

Published on April 13th, 2009 by iphelix



OpenSSL is an open-source TLS/SSL toolkit implemented for a variety of platforms. In this article you will learn several openssl client and server commands useful in working with TLS/SSL protocol. Read more.

tls/ssl protocol

Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are two closely related protocols designed to protect confidentiality and integrity of data in transit between two hosts. Read more.

tls and ssl cipher suites

TLS/SSL protocols support a large number of cipher suites. A cipher suite is a collection of symmetric and asymmetric encryption algorithms used by hosts to establish a secure communication. Supported cipher suites can be classified based on encryption algorithm strength, key length, key exchange and authentication mechanisms. Some cipher suites offer better level of security than others (e.g. Several weak cipher suites were developed for export to comply with US export law). There are more than 200 known cipher suites. Read more.


Size 58.8 KB
DateJanuary 27th, 2010

SSLMap is a lightweight TLS/SSL cipher suite scanner.

  • Uses custom TLS/SSL query engine for increased reliability/speed (No need for third-party libraries such as OpenSSL)
  • Tests for 200+ known cipher suites.
  • Capable of discovering undocumented cipher suites.
  • Advises on cipher suite security based on Protocol, Key Exchange, Authentication, Encryption algorithm, and other parameters.
  • Configurable handshake versions (e.g. TLSv1.1, SSLv2.0) Read more.


All original content on this site is copyright protected and licensed under Creative Commons - Attribution, NonCommercial, ShareAlike 4.0 International.