Offloading AES or SHA1 is not very practical, as software implementations can already handle over 1Tbps on modern CPUs.  I bet stunnel deployments that need to handle over 1Tbps traffic are not very common.