What wasn't covered

SSH
Host key verification.
Passwordless ssh authentication methods.
Identity / pubkey authentication sans passwords.
Using ssh-agent to hold identity/pubkeys.
Restricting ssh port forwards using permit_open/etc.
Restricting ssh commands via authorized_keys.
Choosing/Restricting ciphers.

Stunnel
Creating certificates.
Certificate verification.
Socket options.
Choosing/Restricting ciphers.