Difference between revisions of "Stunnel"

From Notes_Wiki

Revision as of 02:21, 15 March 2015


stunnel

Stunnel can be used to encrypt communication between network programs that do not normally support encryption. Stunnel listens on a port and forwards requests to the actual daemon. When it runs in server mode, it listens for encrypted connections from clients and forwards them as plain-text connections to the local server over loopback. When it runs in client mode, local clients connect to stunnel on localhost in plain text, and stunnel connects to the remote server using SSL. In some cases we can run stunnel at both ends and encrypt the plain-text communication between two normal programs while it travels over the network.

Stunnel also supports very advanced certificate options, so that we can supply our own certificates to clients requesting an SSL connection, or verify the remote SSL certificate when we connect to a remote server as a client. The stunnel man page has good, detailed information about the various options supported by stunnel and how they can be used.
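The both-ends setup and the certificate verification described above, as an added example that is not part of the original wiki page. The host name, ports and file paths are assumptions; the two sections belong in separate stunnel.conf files, one on each machine.

```ini
; Constructed example: both ends of a stunnel pair wrapping a plain-text
; service. Host name, ports and file paths are assumptions.

; ---- server side: stunnel.conf on app.example.internal ----
[plain-service]
; accept encrypted connections from the network
accept = 0.0.0.0:8443
; hand the decrypted stream to the local daemon over loopback
connect = 127.0.0.1:8080
; certificate and private key presented to connecting clients
cert = /etc/stunnel/server.pem
key = /etc/stunnel/server.key

; ---- client side: stunnel.conf on the machine running the client program ----
[plain-service]
client = yes
; local programs connect here in plain text
accept = 127.0.0.1:8080
; stunnel connects to the remote stunnel over SSL/TLS
connect = app.example.internal:8443
; Without the next three lines the client encrypts the link but does not
; authenticate the server, so any certificate would be accepted.
CAfile = /etc/stunnel/ca.pem
verifyChain = yes
checkHost = app.example.internal
```

On older stunnel releases that lack `verifyChain` and `checkHost`, `verify = 2` together with `CAfile` is the earlier way to require a valid peer certificate.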

One good use of stunnel is to encrypt the connection between a browser and a proxy server, as browsers do not support SSL HTTP proxy servers yet. An example of this use case is explained at "Using encrypted channels to communicate with squid proxy server".