Portability (Threading Models)

• PTHREAD (Posix)
• FORK (traditional Unix)
• UCONTEXT (userlevel)
• WIN32

Performance and Scalability

• Load balancing backend servers with round-robin and priority strategies
• External session cache (for clusters)
• Compression (for limited bandwidth)

Support for OpenSSL Security Features

• Access control with TLS-PSK (pre-shared key) and certificates
• CRL and OCSP certificate revocation
• SNI (Server Name Indication) support for name-based virtual servers
• PFS (Perfect Forward Secrecy) with DH and ECDH key agreement
• FIPS mode (for compliance)
• OpenSSL engines, including CAPI (Microsoft CryptoAPI)

Other Cross-platform Features

• Remote (socket) and local (inetd-style) mode
• Redirection of TLS client connections on authentication failures
• IPv6 support
• Application-level protocol support for:
  • cifs
  • connect
  • imap
  • nntp
  • pgsql
  • pop3
  • proxy
  • smtp
  • socks versions 4, 4a, and 5
• Delayed resolver (for dial-up connections and dynamic remote IP)
• Graceful configuration file reloading
• Graceful log file reopening
• UTF-8 configuration and log files
• Ident access control

Unix Features

• Unix socket support
• Socket activation with systemd
• Transparent proxy on selected platforms
• Optional pseudo-terminal allocation for the local mode
• Logging to syslog
• chroot (additional security)
• setuid/setgid (additional security)
• Libwrap (TCP Wrappers) access control
• EGD (Entropy Gathering Daemon) client

Windows Features

• GUI
• Saving cached peer certificate chains to files
• Windows service mode