stunnel4 - Universal SSL tunnel for network daemons

Property Value
Distribution Debian 7 (Wheezy)
Repository Debian Main i386
Package name stunnel4
Package version 4.53
Package release 1.1
Package architecture i386
Package type deb
Installed size 457 B
Download size 175.29 KB
Official Mirror
The stunnel program is designed to work  as  SSL  encryption
wrapper between remote client and local (inetd-startable) or
remote server. The concept is that having non-SSL aware daemons
running  on  your  system you can easily setup them to
communicate with clients over secure SSL channel.
stunnel can be used to add  SSL  functionality  to  commonly
used  inetd  daemons  like  POP-2,  POP-3  and  IMAP servers
without any changes in the programs' code.
This package contains a wrapper script for compatibility with stunnel 3.x


Package Version Architecture Repository
stunnel4_4.53-1.1_amd64.deb 4.53 amd64 Debian Main
stunnel4 - - -


Name Value
adduser -
libc6 >= 2.11
libssl1.0.0 >= 1.0.0
libwrap0 >= 7.6-4~
netbase -
openssl -
perl-modules -
zlib1g >= 1:1.1.4


Name Value
stunnel -


Name Value
stunnel -


Type URL
Binary Package stunnel4_4.53-1.1_i386.deb
Source Package stunnel4

Install Howto

  1. Update the package index:
    # sudo apt-get update
  2. Install stunnel4 deb package:
    # sudo apt-get install stunnel4




2013-04-22 - Salvatore Bonaccorso <>
stunnel4 (3:4.53-1.1) unstable; urgency=high
* Non-maintainer upload.
* Add CVE-2013-1762.patch patch.
CVE-2013-1762: Fix buffer overflow in NTLM authentication of the CONNECT
protocol negotiation. (Closes: #702267)
2012-06-03 - Luis Rodrigo Gallardo Cruz <>
stunnel4 (3:4.53-1) unstable; urgency=low
* New upstream version 4.53.
- Added client-mode "sni" option to directly control the value of
TLS Server Name Indication (RFC 3546) extension (Closes: #668041).
- Added support for IP_FREEBIND socket option with a pached Linux kernel.
- Glibc-specific dynamic allocation tuning was applied to help unused memory
- Non-blocking OCSP implementation.
- Various other bugfixes, see upstream changelog for details.
* Enabled hardening compile flags. There were NO compile time warning messages
or errors triggered because of this.
* Updated to Standards-Version 3.9.3. No changes required.
- Migrating to /run from /var/run will be a hard problem, because we expect
user written config files to refer to the directory. We'll punt on making
this change for now.
* Updated copyright years to 2012.
* Added Description: LSB header to init script.
2012-02-12 - Luis Rodrigo Gallardo Cruz <>
stunnel4 (3:4.52-1) unstable; urgency=low
* New upstream version 4.52.
* Do not enable chroot in sample config file. It is misleading to users, it
suggests it can be used with no further changes. Closes: #652812
* Remove log files on purge. Closes: #657135
2012-01-04 - Luis Rodrigo Gallardo Cruz <>
stunnel4 (3:4.51~b5-1) experimental; urgency=low
* New upstream version 
- Fixed exec+connect sections (Closes: #653882).
- New "compression = deflate" global option to enable RFC 2246 compression.
For compatibility with previous versions "compression = zlib" and
"compression = rle" also enable the deflate (RFC 2246) compression.
- Separate default ciphers and sslVersion for "fips = yes" and "fips = no".
2011-12-29 - Luis Rodrigo Gallardo Cruz <>
stunnel4 (3:4.50-1) unstable; urgency=low
* New Upstream Releases. Highlights:
+ 4.46:
- Added Unix socket support (e.g. "connect = /var/run/stunnel/socket").
- Added "verify = 4" mode to ignore CA chain and only verify peer
- Removed the limit of 16 IP addresses for a single 'connect' option.
- Removed the limit of 256 stunnel.conf sections in PTHREAD threading
+ 4.45:
- "protocol = proxy" support to send original client IP address to haproxy
This requires accept-proxy bind option of haproxy 1.5-dev3 or later.
- Libwrap helper processes are no longer started if libwrap is disabled
in all sections of the configuration file.
- Fixed -l option handling in stunnel3 script (thx to Kai G├╝lzau).
- Script to build default stunnel.pem was fixed (thx to Sebastian Kayser).
+ 4.44:
- Heap buffer overflow protection with canaries.
- Stack buffer overflow protection with -fstack-protector.
- Fixed garbled error messages on errors with setuid/setgid options.
+ 4.43:
- Major optimization of the logging subsystem.
Benchmarks indicate up to 15% stunnel performance improvement.
* Remove config.guess and config.sub in clean target, otherwise build fails
because of changes in source outside of a patch. Found and fixed by
Peter Eisentraut <> (Closes: #647176).
* Updated watchfile to new upstream's directory structure for archived

See Also

Package Description
stx-btree-demo_0.8.6-1_i386.deb b+tree implementation in c++, demo program
stx-btree-dev_0.8.6-1_all.deb b+tree implementation in c++
stx-btree-doc_0.8.6-1_all.deb b+tree implementation in c++, doxygen documentation
stx2any_1.56-2_all.deb Converter from structured plain text to other formats
stymulator_0.21a~dfsg-1_i386.deb Curses based player and converter for the YM chiptune format
styx-dev_1.8.0-1.1_i386.deb combined parser/scanner generator development files
styx-doc_1.8.0-1.1_all.deb combined parser/scanner generator documentation
styx_1.8.0-1.1_i386.deb combined parser/scanner generator for C/C++
subcommander-doc_2.0.0~b5p2-5_all.deb User guide for subcommander
subcommander_2.0.0~b5p2-5_i386.deb Graphical client for Subversion
subnetcalc_2.1.3-1_i386.deb IPv4/IPv6 Subnet Calculator
substance-doc_5.3-2_all.deb cross-platform look & feel for Swing applications - documentation
substance_5.3-2_all.deb cross-platform look & feel for Swing applications
subsurface_1.2-1_i386.deb simple dive log program written in C
subtitlecomposer_0.5.3-3+b1_i386.deb Subtitles editor for KDE