I probably didn't properly implement your patch, but I did a "git pull" in the git folder I have from you. It updated several stuff.... I copied the stunnel folder and the privatekeypassword to the "trunk" and did a new make It compiled stunnel and privatekeypassword, but after testing it with the firmware it still needs a password for the key Code: root@meer:/var/mod/root# ls -altr /var/flash/websrv_ssl_key.pem crw-r--r-- 1 root root 250, 201 Jan 1 1970 /var/flash/websrv_ssl_key.pem root@meer:/var/mod/root# ls -altr /var/flash/websrv_ssl_cert.pem crw-r--r-- 1 root root 250, 202 Jan 1 1970 /var/flash/websrv_ssl_cert.pem With entering the certificate twice is that I use the AVM-interface to add the certificate for the AVM-interface and then I need to do the same for the Freetz interface. I think it's more elegant when that only needs to be done once. When this thing would work it would also have the private key more obscured.... Code: Enter /var/flash/websrv_ssl_key.pem pass phrase: [ ] Clients allowed=500 [.] stunnel 5.42 on mips-unknown-linux-gnu platform [.] Compiled/running with OpenSSL 1.0.2l 25 May 2017 [.] Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI [ ] errno: (*__errno_location ()) [.] Reading configuration from file /var/mod/etc/stunnel.conf [.] UTF-8 byte order mark not detected [.] FIPS mode disabled [ ] Compression disabled [ ] PRNG seeded successfully [ ] Initializing service [https] [ ] Ciphers: HIGH:!DH:!aNULL:!SSLv2 [ ] TLS options: 0x83004BFF (+0x83004BFF, -0x00000000) [ ] Loading certificate from file: /var/flash/websrv_ssl_cert.pem [ ] Certificate loaded from file: /var/flash/websrv_ssl_cert.pem [ ] Loading private key from file: /var/flash/websrv_ssl_key.pem [:] Insecure file permissions on /var/flash/websrv_ssl_key.pem [!] error queue: 140B0009: error:140B0009:lib(20):func(176):reason(9) [!] error queue: 906A068: error:0906A068:lib(9):func(106):reason(104) [!] SSL_CTX_use_PrivateKey_file: 906406D: error:0906406D:lib(9):func(100):reason(109) [!] Service [https]: Failed to initialize TLS context Starting stunnel ... failed. EDIT: I now also copied your dropbear folder to mine.. It's now compiling and I will flash it, but then I will be off to catch a train. In the train I will test some and may be able to read your reaction.