Hi, this may be a slightly unusual request, but I was curious if stunnel
could be used for securing clients that do not support TLS, to connect to
services that optionally support TLS.
So, really, stunnel already does almost everything that would be needed;
except that in this use case, it would be listening for incoming
unencrypted connections, and then serve as a proxy to an encrypted
connection to the actual service. While it might be nice to offer
certificate-based authentication options in this scenario, it wouldn't be
necessary for my intended use case, so stunnel wouldn't need access to any
private certificates. However, certificate pinning would be pretty
essential to what I have in mind.
Best,
Leon.