stunnel TODO High priority features. They will likely be supported some day. A sponsor could allocate my time to get them faster. * Perform protocol negotiations after SSL negotiations if possible. * Command-line server control interface on both Unix and Windows. * Separate GUI process running as current user on Windows. * Optional line-buffering of the log file. * etc/stunnel/conf.d/* files automatically processed while reading etc/stunnel/stunnel.conf * Android GUI. * Support for CryptoAPI certificates and private keys with OpenSSL CAPI engine (this feature is incompatible with FIPS support). * Indirect CRL support (RFC 3280, section 5). * Configuration file option to limit the number of concurrent connections. * SOCKS 4 protocol support. http://archive.socks.permeo.com/protocol/socks4.protocol * Option to redirect instead of rejecting connections on failed authentication. Low priority features. They will unlikely ever be supported. * Provide 64-bit Windows builds (besides 32-bit builds). This requires either Microsoft Visual Studio Standard Edition or Microsoft Visual Studio Professional Edition in order to retain FIPS compliance. * Service-level logging configuration (separate verbosity and destination). * Key renegotiation (re-handshake) for long connections. * Logging to NT EventLog on Windows. * Log rotation on Windows. * Internationalization of logged messages (i18n). * Generic scripting engine instead or static protocol.c. Features I won't support, unless convinced otherwise by a wealthy sponsor. * Protocol support *after* SSL is negotiated: - Support for adding X-Forwarded-For to HTTP request headers. This feature is less useful since PROXY protocol support is available. - Support for adding X-Forwarded-For to SMTP email headers. This feature is most likely to be implemented as a separate proxy. * Additional certificate checks (including wildcard comparison) based on: - CN (Common Name); - SAN (Subject Alternative Name); - O (Organization), and - OU (Organizational Unit). * Set processes title that appear on the ps(1) and top(1) commands. I could not find a portable *and* non-copyleft library for it.