Leigh,
Perhaps I wasn't quite as clear as I intended.. :) I'm not suggesting that SSL over UDP should be done.. I'm suggesting that stunnel could potentially act as a UDP-over-encrypted-TCP gateway.
Okay. Now I understand your idea (I hope). I would have to design a proprietary datagram-over-byte-stream (DOBS) protocol (at least the length of UDP packets has to be encoded aside from the content), and then tunnel UDP over DOBS over SSL over TCP.
This is why I don't like it:
1. Such tunneling is not very effective. There's a *huge* protocol overhead.
2. It's not standard. One of the main ideas behind stunnel is its interoperability.
3. I think it's much easier to write such an encrypting UDP forwarder from scratch using an IPSec-style datagram protocol than to modify stunnel.
4. It breaks my KISS principle. 8-)
In fact, I would really like to find the time (or a sponsor) to develop such a UDP encrypting forwarder.
BTW: Maybe it's better to use IPSec or VTUN instead of a proxy?
Best regards, Mike
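
The datagram-over-byte-stream framing described in the message above, as an added example that is not part of the original e-mail or of stunnel. The 2-byte big-endian length prefix is an assumption (the message only says the length has to be encoded), and `frame`, `Deframer` and `demo` are hypothetical names.

```python
import struct

MAX_DGRAM = 65535  # largest length a 2-byte prefix can express (assumed format)


def frame(datagram: bytes) -> bytes:
    """Prefix one datagram with its length so boundaries survive a byte stream."""
    if len(datagram) > MAX_DGRAM:
        raise ValueError("datagram too large for a 16-bit length prefix")
    return struct.pack("!H", len(datagram)) + datagram


class Deframer:
    """Rebuilds datagram boundaries from arbitrarily split stream reads."""

    def __init__(self):
        self._buf = bytearray()

    def feed(self, chunk: bytes) -> list:
        """Add bytes read from the stream; return every complete datagram."""
        self._buf += chunk
        out = []
        while len(self._buf) >= 2:
            (n,) = struct.unpack_from("!H", self._buf, 0)
            if len(self._buf) < 2 + n:
                break  # body not fully received yet; wait for the next read
            out.append(bytes(self._buf[2:2 + n]))
            del self._buf[:2 + n]
        return out

    def pending(self) -> int:
        """Bytes buffered that do not yet form a complete datagram."""
        return len(self._buf)


def demo():
    # Constructed sample datagrams, including an empty one (legal in UDP).
    datagrams = [b"query-1", b"", b"x" * 300]
    stream = b"".join(frame(d) for d in datagrams)
    deframer = Deframer()
    received = []
    # Deliver in 5-byte pieces: stream reads never align with datagram edges.
    for i in range(0, len(stream), 5):
        received += deframer.feed(stream[i:i + 5])
    return datagrams, received, deframer.pending()


if __name__ == "__main__":
    sent, got, left = demo()
    print(sent == got, left)
```

The receiving side has to buffer until a whole datagram has arrived, so one delayed or retransmitted TCP segment holds back every datagram queued behind it.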