Hello all, The stunnel documentation says that SNI requires stunnel to be linked with OpenSSL >= 1.0.0. However, SNI is supported in OpenSSL since 0.9.8f (and actually enabled by default since 0.9.8k). For 0.9.8f and later, OPENSSL_NO_TLSEXT will be defined if TLS extension support (including SNI support) is not compiled into OpenSSL. Taking the above into account, the OpenSSL version check in stunnel (src/common.h) could be relaxed a bit. Instead of: #if OPENSSL_VERSION_NUMBER<0x10000000L #define OPENSSL_NO_TLSEXT #define OPENSSL_NO_PSK #endif /* OpenSSL older than 1.0.0 */ this could be: #if OPENSSL_VERSION_NUMBER<0x00908060L #define OPENSSL_NO_TLSEXT #endif /* OpenSSL older than 0.9.8f */ #if OPENSSL_VERSION_NUMBER<0x10000000L #define OPENSSL_NO_PSK #endif /* OpenSSL older than 1.0.0 */ This would enable SNI on systems using 0.9.8 (Mac OS X for example). Best regards, Guillermo Rodriguez Garcia guille.rodriguez@gmail.com