Version 3.16, which was released in December 2015, had support for Opportunistic IPsec using AUTH-NULL[3] which is based on RFC 7619.
The Libreswan Project is currently working on (forward) Domain Name System Security Extensions (DNSSEC) and Kerberos support for Opportunistic IPsec.
It is possible to use OpenVPN and networking protocols to set up dynamic VPN links which act similar to OE for specific domains.
[5] The FreeS/WAN and forks such as Openswan and strongSwan offer VPNs that can also operate in OE mode using IPsec-based technology.
[7] Using the filtering options provided in MMC, it is possible to tailor the networking to require, request or permit traffic to various domains and protocols to use encryption.
In practice, STARTTLS in SMTP is often deployed with self-signed certificates,[8] which represents a minimal one-time task for a system administrator, and results in most email traffic being opportunistically encrypted.
Some versions of the Sipura Technology and Linksys lines of analog telephony adapters (ATA) include a hardware implementation of SRTP with the installation of a certificate from Voxilla, a VoIP information site.
Phil Zimmermann, Alan Johnston, and Jon Callas have proposed a new VoIP encryption protocol called ZRTP.
[11] This was quickly rolled back (in update 37.0.1) due to a serious vulnerability that could bypass SSL certificate verification.