diff --git a/security/stunnel/src/opnsense/mvc/app/controllers/OPNsense/Stunnel/forms/general.xml b/security/stunnel/src/opnsense/mvc/app/controllers/OPNsense/Stunnel/forms/general.xml
index 958e5a830a..703c34372f 100644
--- a/security/stunnel/src/opnsense/mvc/app/controllers/OPNsense/Stunnel/forms/general.xml
+++ b/security/stunnel/src/opnsense/mvc/app/controllers/OPNsense/Stunnel/forms/general.xml
@@ -18,4 +18,10 @@
           firewall (allowed by default).
         </help>
     </field>
+    <field>
+        <id>stunnel.general.enable_oscp</id>
+        <label>enable OSCPaia</label>
+        <type>checkbox</type>
+        <help>Validate peer certificates using OCSP responders from their AIA extension. Enable if you need strict certificate revocation checking.</help>
+    </field>
 </form>
diff --git a/security/stunnel/src/opnsense/mvc/app/models/OPNsense/Stunnel/Stunnel.xml b/security/stunnel/src/opnsense/mvc/app/models/OPNsense/Stunnel/Stunnel.xml
index 0b851ec5d0..a4abce6290 100644
--- a/security/stunnel/src/opnsense/mvc/app/models/OPNsense/Stunnel/Stunnel.xml
+++ b/security/stunnel/src/opnsense/mvc/app/models/OPNsense/Stunnel/Stunnel.xml
@@ -1,6 +1,6 @@
 <model>
     <mount>//OPNsense/Stunnel</mount>
-    <version>1.0.4</version>
+    <version>1.0.5</version>
     <description>
         Stunnel TLS encryption proxy
     </description>
@@ -18,6 +18,10 @@
                 <Default>0</Default>
                 <Required>Y</Required>
             </enable_ident_server>
+            <enable_oscp type="BooleanField">
+                <Default>0</Default>
+                <Required>Y</Required>
+            </enable_oscp>
         </general>
         <services>
             <service type="ArrayField">
@@ -47,11 +51,18 @@
                 </connect_port>
                 <protocol type="OptionField">
                     <OptionValues>
+                        <cifs>CIFS</cifs>
+                        <capwin>CAPWIN</capwin>
+                        <capwinctrl>CAPWINCTRL</capwinctrl>
+                        <connect>CONNECT</connect>
                         <imap>IMAP</imap>
                         <ldap>LDAP</ldap>
                         <nntp>NNTP</nntp>
+                        <pgsql>PGSQL</pgsql>
                         <pop3>POP3</pop3>
+                        <proxy>PROXY</proxy>
                         <smtp>SMTP</smtp>
+                        <socks>SOCKS</socks>
                     </OptionValues>
                     <Required>N</Required>
                 </protocol>
diff --git a/security/stunnel/src/opnsense/service/conf/actions.d/actions_stunnel.conf b/security/stunnel/src/opnsense/service/conf/actions.d/actions_stunnel.conf
index 142f0d18a7..fa18547e6d 100644
--- a/security/stunnel/src/opnsense/service/conf/actions.d/actions_stunnel.conf
+++ b/security/stunnel/src/opnsense/service/conf/actions.d/actions_stunnel.conf
@@ -36,7 +36,7 @@ message:stunnel service restart
 description:Restart Stunnel
 
 [status]
-command:/usr/local/etc/rc.d/stunnel status; /usr/local/etc/rc.d/identd_stunnel onestatus; exit 0
+command:/usr/local/etc/rc.d/stunnel status; exit 0
 parameters:
 type:script_output
 message:stunnel status
diff --git a/security/stunnel/src/opnsense/service/templates/OPNsense/Stunnel/stunnel.conf b/security/stunnel/src/opnsense/service/templates/OPNsense/Stunnel/stunnel.conf
index 0d6590d383..5c1ace1704 100644
--- a/security/stunnel/src/opnsense/service/templates/OPNsense/Stunnel/stunnel.conf
+++ b/security/stunnel/src/opnsense/service/templates/OPNsense/Stunnel/stunnel.conf
@@ -6,7 +6,11 @@ chroot = /var/run/stunnel
 pid = {% if helpers.empty('OPNsense.Stunnel.general.chroot') %}/var/run/stunnel{% endif %}/stunnel.pid
 debug = info
 logId = unique
-
+{% if helpers.empty('OPNsense.Stunnel.general.enable_oscp') %}
+OCSPaia = no
+{% else %}
+OCSPaia = yes
+{% endif %}
 
 {% if helpers.exists('OPNsense.Stunnel.services.service') %}
 {%   for service in helpers.toList('OPNsense.Stunnel.services.service') %}