stunnel is a program written in C that provides an encrypted layer over an existing socket.


stunnel translates data between an encrypted connection and an unencrypted connection. Thus, it is with http and other servers.

PYK 2018-05-30: The documentation for accept states:

If no host specified, defaults to all IPv4 addresses for the local host.

But in that case stunnel actually binds to To listen on all address, use the wildcard address explicitly:

accept =
connect = 80
cert = /etc/stunnel/stunnel.pem

This has been reported here .