stunnel - Universal SSL Tunnel

Property Value
Distribution openSUSE Tumbleweed
Repository openSUSE Oss all
Package filename stunnel-5.49-2.1.x86_64.rpm
Package name stunnel
Package version 5.49
Package release 2.1
Package architecture x86_64
Package type rpm
Category Productivity/Networking/Security
License GPL-2.0-or-later
Maintainer -
Download size 148.38 KB
Installed size 272.63 KB
The stunnel program is designed to work as an SSL encryption wrapper
between remote clients and local (inetd-startable) or remote
servers. The concept is that, while having non-SSL aware daemons running on
your system, you can set them to communicate with clients over a
secure SSL channels. Stunnel can be used to add SSL functionality to
commonly used inetd daemons, such as POP-2, POP-3, and IMAP servers
without any changes to the program code.


Package Version Architecture Repository
stunnel-5.49-2.1.i586.rpm 5.49 i586 openSUSE Oss
stunnel - - -


Name Value
/usr/bin/perl -
/usr/sbin/useradd -
coreutils -
diffutils -
fileutils -
fillup -
grep -
group(nogroup) - - - - - - - - - - - - -
systemd -
textutils -


Name Value -
stunnel = 5.49-2.1
stunnel(x86-64) = 5.49-2.1


Type URL
Binary Package stunnel-5.49-2.1.x86_64.rpm
Source Package stunnel-5.49-2.1.src.rpm

Install Howto

Install stunnel rpm package:

# zypper install stunnel




2019-02-22 - Franck Bui <>
- Drop use of $FIRST_ARG in .spec
The use of $FIRST_ARG was probably required because of the
%service_* rpm macros were playing tricks with the shell positional
parameters. This is bad practice and error prones so let's assume
that no macros should do that anymore and hence it's safe to assume
that positional parameters remains unchanged after any rpm macro
2018-11-11 -
- disabled checks; checks depend on ncat and network accessibility
2018-11-11 -
- update to version 5.49
* Logging of negotiated or resumed TLS session IDs (thx to ANSSI - National Cybersecurity Agency of France).
* Merged Debian 10-enabled.patch and 11-killproc.patch (thx to Peter Pentchev).
* OpenSSL DLLs updated to version 1.0.2p.
* PKCS#11 engine DLL updated to version 0.4.9.
* Fixed a crash in the session persistence implementation.
* Fixed syslog identifier after configuration file reload.
* Fixed non-interactive "make check" invocations.
* Fixed reloading syslog configuration.
* stunnel.pem created with SHA-256 instead of SHA-1.
* SHA-256 "make check" certificates.
- includes new version 5.48
* Fixed requesting client certificate when specified as a global option.
* Certificate subject checks modified to accept certificates if at least one of the specified checks matches.
- includes new version 5.47
* Fast add_lock_callback for OpenSSL < 1.1.0. This largely improves performance on heavy load.
* Automatic detection of Homebrew OpenSSL.
* Clarified port binding error logs.
* Various "make test" improvements.
* Fixed a crash on switching to SNI slave sections.
- includes new version 5.46
* The default cipher list was updated to a safer value: "HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK".
* Default accept address restored to INADDR_ANY.
- includes new version 5.45
* Implemented delayed deallocation of service sections after configuration file reload.
* OpenSSL DLLs updated to version 1.0.2o.
* Deprecated the sslVersion option.
* The "socket" option is now also available in service sections.
* Implemented try-restart in the SysV init script (thx to Peter Pentchev).
* TLS 1.3 compliant session handling for OpenSSL 1.1.1.
* Default "failover" value changed from "rr" to "prio".
* New "make check" tests.
* A service no longer refuses to start if binding fails for some (but not all) addresses:ports.
* Fixed compression handling with OpenSSL 1.1.0 and later.
* _beginthread() replaced with safer _beginthreadex().
* Fixed exception handling in libwrap.
* Fixed exec+connect services.
* Fixed automatic resolver delaying.
* Fixed a Gentoo cross-compilation bug (thx to Joe Harvell).
* A number of "make check" framework fixes.
* Fixed false postive memory leak logs.
* Build fixes for OpenSSL versions down to 0.9.7.
* Fixed (again) round-robin failover in the FORK threading model.
2018-02-06 -
- Revamp SLE11 builds
2018-02-01 -
- Do not ignore errors from useradd. Ensure nogroup exists
- Replace old $RPM_ variables. Combine two nested ifs.
2018-01-24 -
- update to version 5.44
* Default accept address restored to INADDR_ANY
* Fix race condition in "make check"
* Fix removing the pid file after configuration reload
- includes 5.43
* Allow for multiple "accept" ports per section
* Self-test framework (make check)
* Added config load before OpenSSL init
* OpenSSL 1.1.1-dev compilation fixes
* Fixed round-robin failover in the FORK threading model
* Fixed handling SSL_ERROR_ZERO_RETURN in SSL_shutdown()
* Minor fixes of the logging subsystem
* OpenSSL DLLs updated to version 1.0.2m
- add new checking to build
- rebase stunnel-listenqueue-option.patch
- Cleanup with spec-cleaner
2017-11-23 -
- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)

See Also

Package Description
stunnel-doc-5.49-2.1.noarch.rpm Documentation for the universal SSL Tunnel
su-wrapper-1.2.0-498.2.i586.rpm The su-wrapper Runs Programs as Another User and Group
su-wrapper-1.2.0-498.2.x86_64.rpm The su-wrapper Runs Programs as Another User and Group
submin- Web Adminstration Interface to Subversion and git
submin-apache- Dependencies when using Submin with Apache httpd
submin-svn- Dependencies when using Submin with Apache Subversion
subnetcalc-2.4.3-2.6.i586.rpm IPv4/IPv6 Subnet Calculator
subnetcalc-2.4.3-2.6.x86_64.rpm IPv4/IPv6 Subnet Calculator
subtitlecomposer-0.6.6-2.8.i586.rpm A text-based subtitle editor
subtitlecomposer-0.6.6-2.8.x86_64.rpm A text-based subtitle editor
subtitlecomposer-lang-0.6.6-2.8.noarch.rpm Translations for package subtitlecomposer
subtitleeditor-0.54.0-2.3.i586.rpm A GTK+3 tool to edit subtitles
subtitleeditor-0.54.0-2.3.x86_64.rpm A GTK+3 tool to edit subtitles
subtitleeditor-lang-0.54.0-2.3.noarch.rpm Translations for package subtitleeditor
subunit-1.3.0-3.1.i586.rpm C bindings for subunit