Dear Users,
I have just released version 4.38 of stunnel.
The ChangeLog entry:
Version 4.38, 2011.06.28, urgency: MEDIUM:
* New features
- Server-side SNI implemented (RFC 3546 section 3.1) with a new
service-level option "nsi".
- "socket" option also accepts "yes" and "no" for flags.
- Nagle's algorithm is now disabled by default for improved
interactivity.
* Bugfixes
- A compilation fix was added for OpenSSL version < 1.0.0.
- Signal pipe set to non-blocking mode. This bug caused hangs of stunnel
features based on signals, e.g. local mode, FORK threading, or
configuration file reload on Unix. Win32 platform was not affected.
Home page: http://www.stunnel.org/
Download: ftp://ftp.stunnel.org/stunnel/
SHA-256 hash for stunnel-4.38.tar.gz:
aa49012195fde4dc3e4bed2bb25283cb40a6e0ad8295a47e730652f611e2268c
Best regards,
Mike
Dear Users,
I have just released version 4.37 of stunnel. This release is mainly
intended to fix bugs and portability issues introduced in versions
4.35 and 4.36.
This version also provides new security defaults, updated to better
match current best practices in cryptographic applications.
The ChangeLog entry:
Version 4.37, 2011.06.17, urgency: MEDIUM:
* New features
- Client-side SNI implemented (RFC 3546 section 3.1).
- Default "ciphers" changed from the OpenSSL default to a more secure
and faster "RC4-MD5:HIGH:!aNULL:!SSLv2".
A paranoid (and usually slower) setting would be "HIGH:!aNULL:!SSLv2".
- Recommended "options = NO_SSLv2" added to the sample stunnel.conf
file.
- Default client method upgraded from SSLv3 to TLSv1.
To connect servers without TLS support use "sslVersion = SSLv3"
option.
- Improved --enable-fips and --disable-fips ./configure option
handling.
- On startup stunnel now compares the compiled version of OpenSSL against
the running version of OpenSSL. A warning is logged on mismatch.
* Bugfixes
- Non-blocking socket handling in local mode fixed (Debian bug
#626856).
- UCONTEXT threading mode fixed.
- Removed the use of gcc Thread-Local Storage for improved
portability.
- va_copy macro defined for platforms that do not have it.
- Fixed "local" option parsing on IPv4 systems.
- Solaris compilation fix (redefinition of "STR").
Home page: http://www.stunnel.org/
Download: ftp://ftp.stunnel.org/stunnel/
SHA-256 hash for stunnel-4.37.tar.gz:
02ca30609ccb26f6e52ff7eb79a6778ea452a04432eaef7d959d19933f6fe109
Best regards,
Mike
Dear Users,
Version 4.36 of stunnel was released.
The ChangeLog entry:
Version 4.36, 2011.05.03, urgency: LOW:
* New features
- Updated Win32 DLLs for OpenSSL 1.0.0d.
- Dynamic memory management for strings manipulation:
no more static STRLEN limit, lower stack footprint.
- Strict public key comparison added for "verify = 3" certificate
checking mode (thx to Philipp Hartwig).
- Backlog parameter of listen(2) changed from 5 to SOMAXCONN:
improved behavior on heavy load.
- Example tools/stunnel.service file added for systemd service
manager.
* Bugfixes
- Missing pthread_attr_destroy() added to fix memory leak (thx to
Paul Allex and Peter Pentchev).
- Fixed the incorrect way of setting FD_CLOEXEC flag.
- Fixed --enable-libwrap option of ./configure script.
- /opt/local added to OpenSSL search path for MacPorts compatibility.
- Workaround implemented for signal handling on MacOS X.
- A trivial bug fixed in the stunnel.init script.
- Retry implemented on EAI_AGAIN error returned by resolver calls.
Home page: http://www.stunnel.org/
Download: ftp://ftp.stunnel.org/stunnel/
SHA-256 hash for stunnel-4.36.tar.gz:
3483fc2011e8a9d2614a93a9dbf7eabf405044df3566f29144fe2d1dd37a35f5
Best regards,
Mike
Dear Users,
I'm pleased to announce long-awaited version 4.35 of stunnel.
The ChangeLog entry:
* New features
- Updated Win32 DLLs for OpenSSL 1.0.0c.
- Transparent source (non-local bind) added for FreeBSD 8.x.
- Transparent destination ("transparent = destination") added for
Linux.
* Bugfixes
- Fixed reload of FIPS-enabled stunnel.
- Compiler options are now auto-detected by ./configure script
in order to support obsolete versions of gcc.
- Async-signal-unsafe s_log() removed from SIGTERM/SIGQUIT/SIGINT
handler.
- CLOEXEC file descriptor leaks fixed on Linux >= 2.6.28 with glibc
>= 2.10.
Irreparable race condition leaks remain on other Unix platforms.
This issue may have security implications on some deployments.
- Directory lib64 included in the OpenSSL library search path.
- Windows CE compilation fixes (thx to Pierre Delaage).
- Deprecated RSA_generate_key() replaced with RSA_generate_key_ex().
* Domain name changes (courtesy of Bri Hatch)
- http://stunnel.mirt.net/ --> http://www.stunnel.org/
- ftp://stunnel.mirt.net/ --> http://ftp.stunnel.org/
- stunnel.mirt.net::stunnel --> rsync.stunnel.org::stunnel
- stunnel-users(a)mirt.net --> stunnel-users(a)stunnel.org
- stunnel-announce(a)mirt.net --> stunnel-announce(a)stunnel.org
Home page: http://www.stunnel.org/
Download: ftp://ftp.stunnel.org/stunnel/
SHA-256 hash for stunnel-4.35.tar.gz:
a810e220498239483e14fae24eeb2a188a6167e9118958b903f8793768c4460f
Best regards,
Mike
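The CLOEXEC item in the 4.35 ChangeLog above comes down to whether a descriptor can be created with close-on-exec already set; the following is an added example, not stunnel's own code, contrasting accept4() with SOCK_CLOEXEC against the accept()-then-fcntl() fallback that leaves the race window. The function names are hypothetical, and the self-check uses a constructed connection over a Linux abstract AF_UNIX address.

```c
#define _GNU_SOURCE   /* exposes accept4() and SOCK_CLOEXEC on glibc */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Two-step fallback: between accept() and this call the descriptor has no
 * FD_CLOEXEC, so a fork()+exec() in another thread inherits it. */
int set_cloexec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    return flags < 0 ? -1 : fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* Atomic where accept4() is available; the racy fallback everywhere else. */
int accept_cloexec(int listener) {
#ifdef SOCK_CLOEXEC
    return accept4(listener, NULL, NULL, SOCK_CLOEXEC);
#else
    int fd = accept(listener, NULL, NULL);
    if (fd >= 0 && set_cloexec(fd) < 0) { close(fd); return -1; }
    return fd;
#endif
}

/* Accepts one constructed local connection and reports whether the accepted
 * descriptor carries FD_CLOEXEC (1 or 0), or -1 on error. atomic=0 uses a
 * plain accept() to show the inheritable default. */
int accepted_fd_is_cloexec(int atomic) {
    struct sockaddr_un a;
    int ls = socket(AF_UNIX, SOCK_STREAM, 0), cl = socket(AF_UNIX, SOCK_STREAM, 0);
    int fd = -1, flags = -1;
    memset(&a, 0, sizeof a);
    a.sun_family = AF_UNIX;   /* sun_path[0] stays NUL: abstract address */
    snprintf(a.sun_path + 1, sizeof a.sun_path - 1, "cloexec-demo-%ld", (long)getpid());
    if (ls >= 0 && cl >= 0 && bind(ls, (struct sockaddr *)&a, sizeof a) == 0 &&
        listen(ls, 1) == 0 && connect(cl, (struct sockaddr *)&a, sizeof a) == 0)
        fd = atomic ? accept_cloexec(ls) : accept(ls, NULL, NULL);
    if (fd >= 0) { flags = fcntl(fd, F_GETFD); close(fd); }
    if (cl >= 0) close(cl);
    if (ls >= 0) close(ls);
    return flags < 0 ? -1 : (flags & FD_CLOEXEC) != 0;
}

int main(void) {
    printf("plain accept(): %d, accept_cloexec(): %d\n",
           accepted_fd_is_cloexec(0), accepted_fd_is_cloexec(1));
    return 0;
}
```

On platforms without SOCK_CLOEXEC only the fallback branch compiles, and the window between accept() and set_cloexec() cannot be closed from user space.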
Dear Users,
I just noticed some people declare GPL license on stunnel patches. Since
stunnel uses GPL license *with OpenSSL exception* (OpenSSL license is not
GPL-compatible), it cannot be distributed if it is linked against any GPL
code (patches, libraries) without this exception.
It is still legal to distribute stunnel with patches that use GPL license
with OpenSSL exception. Such patches constitute forks of stunnel and will
*never* be accepted to my source tree. Third party patches rarely meet my
quality criteria, but I occasionally accept patches released as public
domain or having their copyright ownership transferred to me.
Also see:
http://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs
https://secure.wikimedia.org/wikipedia/en/wiki/Fork_%28software_development…
Mike
Dear Users,
I have uploaded stunnel-4.35b1 to ftp://stunnel.mirt.net/stunnel/ for
your testing.
Please give it a shot and submit any problems to stunnel-users mailing
list. This is the way you can not only help me improve production
4.35, but also make sure it's going to work on your platform!
Please consider version 4.35b1 highly experimental and not ready for
production. Specifically it is not supposed to be packaged for any OS
distribution (e.g. *BSD ports).
Best regards,
Michal Trojnara
The ChangeLog entry:
Version 4.33, 2010.04.05, urgency: MEDIUM:
* New features
- Win32 DLLs for OpenSSL 1.0.0.
This library requires to c_rehash CApath/CRLpath directories on upgrade.
- Win32 DLLs for zlib 1.2.4.
- Experimental support for local mode on WIN32 platform.
Try "exec = c:\windows\system32\cmd.exe".
* Bugfixes
- Inetd mode fixed
SHA-1 value for stunnel-4.33.tar.gz:
695c7ef834952cb8ddbc790e10b6e32798fc2767
Home page: http://stunnel.mirt.net/
Download: ftp://stunnel.mirt.net/stunnel/
Best regards,
Michal Trojnara
Dear Users,
I'm glad to announce a new version of stunnel.
The ChangeLog entry:
Version 4.32, 2010.03.24, urgency: MEDIUM:
* New features
- New service-level "libwrap" option for run-time control whether
/etc/hosts.allow and /etc/hosts.deny are used for access control.
Disabling libwrap significantly increases performance of stunnel.
- Win32 DLLs for OpenSSL 0.9.8m.
* Bugfixes
- Fixed a transfer() loop issue with SSLv2 connections.
- Fixed a "setsockopt IP_TRANSPARENT" warning with "local" option.
- Logging subsystem bugfixes and cleanup.
- Installer bugfixes for Vista and later versions of Windows.
- FIPS mode can be enabled/disabled at runtime.
SHA-1 value for stunnel-4.32.tar.gz:
e9be8b9150d1c901a7c37b58494e351815147a79
Home page: http://stunnel.mirt.net/
Download: ftp://stunnel.mirt.net/stunnel/
Best regards,
Michal Trojnara
The ChangeLog entry:
Version 4.31, 2010.02.03, urgency: MEDIUM:
* New features
- Log file reopen on USR1 signal was added.
* Bugfixes
- Some regression issues introduced in 4.30 were fixed.
SHA-1 value for stunnel-4.31.tar.gz:
f51fc544a0554f6eee2bfca1fcb8ddcb8386ce32
Home page: http://stunnel.mirt.net/
Download: ftp://stunnel.mirt.net/stunnel/
Best regards,
Michal Trojnara
Dear Users,
Please find a tiny patch for FIPS mode of stunnel 4.30:
ftp://stunnel.mirt.net/stunnel/fips.patch
BTW: Please consider making a donation if you appreciate my work on
configuration file reloading feature.
Use PayPal Donate button on http://stunnel.mirt.net/
Mike