Hello Gentlemen. Needs help in configuration or negative clarifications on two issues. 1) First question whether is mixed use of cert/PSKsecrets auth possible? The same method (ether cert or PSKsecrets explicitly) serverside trough the parent [TLS] and inherited services works properly. But mixed cert/PSKsecrets like in config snippet below doesn't work. [TLS] client = no accept = 0.0.0.0:https connect = localhost:http cert = /etc/opt/stunnel/stunnel.pem [ssh] client = no sni = TLS:ssh connect = localhost:ssh [socks] client = no sni = TLS:socks protocol = socks PSKsecrets = /etc/opt/stunnel/auth/passwd The idea is to pass insensibly all incorrect or non-SNI aware requests to main http server and hide other multiplexed services. And at the same time to establish encryption and password access control to [socks] service. 2) And the second question is it possible proxy CONNECT after establishing SSL/TLS encryption? The configuration section: [ssh] accept = 22222 protocol = connect protocolHost = server.tld:443 protocolUsername = usernamehere protocolPassword = passwordhere connect = proxy.tld:8080 Say to establish unencrypted connection with proxy, pass username and password, tell proxy to establish CONNECT to target 443 and then transmit SSL/TLS to it. Goal is if I have SSL/TLS termination server/proxy on port 443 so we at first speak SSL/TLS with proxy and only then proceed to proxy requests phase. Thanks for future explanations.