stunnel-announce

stunnel-announce@stunnel.org

141 discussions

stunnel 5.21 released
by Michal Trojnara 27 Jul '15

27 Jul '15

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Users, I have released version 5.21 of stunnel. The ChangeLog entry: Version 5.21, 2015.07.27, urgency: MEDIUM * New features - Signal names are displayed instead of numbers. - First resolve IPv4 addresses on passive resolver requests. This speeds up stunnel startup on Win32 with a slow/defunct DNS service. - The "make check" target was modified to only build Win32 executables when stunnel is built from a git repository (thx to Peter Pentchev). - More elaborate descriptions were added to the warning about using "verify = 2" without "checkHost" or "checkIP". - Performance optimization was performed on the debug code. * Bugfixes - Fixed the FORK and UCONTEXT threading support. - Fixed "failover=prio" (broken since stunnel 5.15). - Added a retry when sleep(3) was interrupted by a signal in the cron thread scheduler. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: 2aef568b1955f5e233f6a8e17ebce3d30755f1be44c813f5a48e621f785596e3 stunnel-5.21.tar.gz d5ec83140060af2b373a82abab0f7fd34c76a68c4f2990d46be460526b325de6 stunnel-5.21-installer.exe 2788d9e11b65dd4b111616bab1d7f09943916c924ba023cc3ad4260ac1f6f6d7 stunnel-5.21-android.zip Best regards, Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVtfz2AAoJEC78f/DUFuAUey4P/0tQ8yj3Yt7K5yLIorDGu9lI w95Vs2MtyOvFQyoX24dPKrDULKmxE28Dg8RJt51ZuT9q8mIfPdBA+jphyfjbpzl0 BeNQNbzEfN36dhOa2+dvr4+fcna/lnRpNMQg6sP/z4KHDLoI72lAg9vVwv5VX/4X JAMAaTxbrOXuXOmVPLSdHBeug7Y/0Q/+jPg9tSEslMtBaJvMd4CcHs4q8dCW9OQv AUWLtOiSsubfCvQ9rwGODObFJCA3BINrmh3a9EyhKJTov+8JKHlJY02r4zGJYMC4 PIVAVZWit9mEFefG6BuEWwOw4gohAInDXpsN2X9BNNDfUAVlUtp6OoxATcGv/H45 Uf25Dz2Bu8WtKIuuCIhN79PBfqSG8f2mSwNsec8OcYNOTzkAHKoFQQfKbJ1FUD5+ lTBhOFfo/B5haQA1EHNf0z8JxDulnsL7JsQQo4hF3ShSiCZpEAVvSkixpwCjm2kR WCtQ0w5eLccD/CnfjNrcOp3QKGLacZ+PCm9MH+cQDQvnmhAaelWK+OL67L9FKwBf hbJMA2RwwjN7efwEeUlnzVTBiJS9fsPTJghh8CzYuDWlnhEEnB9WX2FI1yVZVxM+ 8tGifpdOkRCFhpQSQkj0pWy/qf/cU8mL2uM31hBNcsRjCt6PfjQfKQ7jyMFvicmc rWJhvWvAfLAJXl+rgn5r =WvhQ -----END PGP SIGNATURE-----

1 0

stunnel 5.20 released
by Michal Trojnara 09 Jul '15

09 Jul '15

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Users, I have released version 5.20 of stunnel. The ChangeLog entry: Version 5.20, 2015.07.09, urgency: HIGH * Security bugfixes - OpenSSL DLLs updated to version 1.0.2d. https://www.openssl.org/news/secadv_20150709.txt * New features - poll(2) re-enabled on MacOS X 10.5 and later. - Xcode SDK is automatically used on MacOS X if no other locally installed OpenSSL directory is found. - The SSL library detection algorithm was made a bit smarter. - Warnings about insecure authentication were modified to include the name of the affected service section. - A warning was added to stunnel.init if no pid file was specified in the configuration file (thx to Peter Pentchev). - Optional debugging symbols are included in the Win32 installer. - Documentation updates (closes Debian bug #781669). * Bugfixes - Signal pipe reinitialization added to prevent turning the main accepting thread into a busy wait loop when an external condition breaks the signal pipe. This bug was found to surface on Win32, but other platforms may also be affected. - Fixed removing the disabled taskbar icon. - Generated temporary DH parameters are used for configuration reload instead of the static defaults. - LSB compatibility fixes added to the stunnel.init script (thx to Peter Pentchev). - Fixed the manual page headers (thx to Gleydson Soares). Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: 4a36a3729a7287d9d82c4b38bf72c4d3496346cb969b86129c5deac22b20292b stunnel-5.20.tar.gz 9d9d38241e972713cd0937e2cf66fdacf3adcb357fbea82d8e46648de4e26fa4 stunnel-5.20-installer.exe cfc1e94cb7c7bf14c832ac8799db4a3438ae7542aa04ec5e9c6695a1a3c3843d stunnel-5.20-android.zip Best regards, Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVnoXOAAoJEC78f/DUFuAUGvoP/1WQ2DliVyQQNGDYPkE2Rbqk BJ7lMEseYdPLjZVtkNPQIuH9PCc/qbWMrDFK1sJg+R7d0yyp+Ip+ucH4i5GCfW6o xIZQ00WVa/qV52AcEDGTZ+43EBPBIFNMkSeJlkwyj81ISZ+my0YpqPNSF77fZFdN IqGln9e+1n4gM+8SOgPnJs2XiR2EsbQzmwaZcTCOoKp56j6q2bLXlYC802B9KezJ ex2dmbGV2JEHmNarSUxWO45VnFdqhjhz4qHySm6KnLD2hoyS9Ex2XyynuuyIiIVx yU9M1zliZvgQSQ4RTpO3Ko2b9Qy2cYDECrFwk7i5rlwmiCw1zH5zWGh1rnAsLJHn 7SAxc5BfiB3VQl16CgoLM65no2mJ60f499ab3LA0uTNbt03PrPkc5cK8w+ec3YNU 6E59R4FXC6ae5T4iR7b9mBGifUHWtg53I1H7qbD6Pye/EH5QciSSPizEHeORYlPy fC3jOMEIUDlXjqI7k/XMGVPJ7SSKFkBNiqHKTKoM12QhiZXLLh4Ig3aQJgqX5IBQ VdML1/W9MdBlZNAHYaUBrkSls99aVbIsHJ5yAE0gsF5Lgi6hK6zDkXiKoVEozN5A N6MtfQHs/JS2nvlmCbtGWrK66EXKxW409f0JS3AJG6tjOquuSZYmR944EPzQD+zA WPivIUH2TVk63kULw/ui =Uw+D -----END PGP SIGNATURE-----

1 0

stunnel 5.19 release
by Michal Trojnara 16 Jun '15

16 Jun '15

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Users, I have released version 5.19 of stunnel. The ChangeLog entry: Version 5.19, 2015.06.16, urgency: MEDIUM: * New features - OpenSSL DLLs updated to version 1.0.2c. - Added a runtime check whether COMP_zlib() method is implemented in order to improve compatibility with the Debian OpenSSL build. * Bugfixes - Improved socket error handling. - Cron thread priority on Win32 platform changed to THREAD_PRIORITY_LOWEST to improve portability. - Makefile bugfixes for stunnel 5.18 regressions. - Fixed some typos in docs and scripts (thx to Peter Pentchev). - Fixed a log level check condition (thx to Peter Pentchev). Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: 0b543242cf26649acfdd9f00de564c3e8de7ac2237d53935ffdc7eb24f4d556d stunnel-5.19.tar.gz 310fb015c3884dd19a1905ed84d5fbcd1579507c98ee2ba43955aa45311bc056 stunnel-5.19-installer.exe 990e636a869f4de8a55c43e7f2fa24ebbf81c1c221473106e8e6b5d89d720627 stunnel-5.19-android.zip Best regards, Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVgCeVAAoJEC78f/DUFuAUi98P/1cPUAg1ehgZkDXIxwIxTt/t sxYOWEmX/ajmimornRygim9HHGPB4HzDMFu1B1qCT01GE4uR+ogYZMYJAdZ+LRua J0wuDawuKgnJvWpdDGnX4Mfz/zUcV8L4T4iJvBnC8xXTQeto7+qU9YTmbYhms4xy u1CPpAXUHnwrNMkI5nqBtB8TSIEeHgmfS456/7oe9Kl+0F8hq7FkZ+1/IYxQOAPC 0drl8A8tfUroBiw+aI2aWJAq2gUoQFVpyAYi7IUBXnmGZ7H1CMcO+KpG+33L0glH oz5DxsuzHyYZYWD1NiKfre4QxMHrT9xXWoNQIHkwgEjDlQXTAqd5rhz9b13TjMmn hiHG3XtF+FvSwFJeTNk/yVYe8ZvjbXUS3BWS65HqTiRKx0iEtkkf2Z1VsieVMUGO LiWvxztz9Z4OSIUWxOFcC8WLTlIDTcIqMM79JLC33o22YSwIRqsE7u5mGiG6yZBN s78ILkqXauxQ1MSDXPArOIZr6iJIqHtuAJbnZvmAQwSKbks/gnzY4WAX0SAw9M64 hhbEnr+zsiRSq30uGrU7fxFHr4MynagEiNaAbNG2kQEJ4nSgHoY0W59dXAuVVYFM UtYgsEeMnPlaBij+ecgmk/xfpEZDQ/phaHtTKzTQUE3JWLkB/VsLz1gwZO1poH8e dOuvm5RULY29YlHcEoM+ =V456 -----END PGP SIGNATURE-----

1 0

stunnel 5.18 release
by Michal Trojnara 12 Jun '15

12 Jun '15

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Users, I have released version 5.18 of stunnel. The ChangeLog entry: Version 5.18, 2015.06.12, urgency: MEDIUM: * New features - OpenSSL DLLs updated to version 1.0.2b. https://www.openssl.org/news/secadv_20150611.txt - Added "include" configuration file option to include all configuration file parts located in a specified directory. - Log file is reopened every 24 hours. With "log = overwrite" this feature can be used to prevent filling up disk space. - Temporary DH parameters are refreshed every 24 hours, unless static DH parameters were provided in the certificate file. - Unique initial DH parameters are distributed with each release. - Warnings are logged on potentially insecure authentication. - Improved compatibility with the current OpenSSL 1.1.0-dev tree: removed RLE compression support, etc. - Updated stunnel.spec (thx to Bill Quayle). * Bugfixes - Fixed handling of dynamic connect targets. - Fixed handling of trailing whitespaces in the Content-Length header of the NTLM authentication. - Fixed --sysconfdir and --localstatedir handling (thx to Dagobert Michelsen). Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: 0532c0a2f8de3da1ab625e384146501ce5936fac63d01561c3a9bf652b692317 stunnel-5.18.tar.gz 9b9a64f30d4dc72f19a2f6482f5bcf76bb67cf3dd859bdd615e0345e1bb8dd41 stunnel-5.18-installer.exe a73befed476f423dee0ff25f38449570fb9f6a07ab90321d9c38e3962f833939 stunnel-5.18-android.zip Best regards, Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVeuE3AAoJEC78f/DUFuAU88wP/jfyOCsCBwCcIxNoQhEU5k4d mczXvWtaw0gBrOivrzgBZS0w621D66DGoXt6yMwMp1suWY9spTWZ+VjQJM8oFCul iFwYWyFyxiTOGRFXGCPEff8f4OGbGoxHfDaIrHR5AGvTzguznKTDXzM7cjixqWF9 vL/t08ZjoDWOZIVJuN8M9sVQWn7gzPnyJpvpW2D240aITBx348ZWt/QGqX4yOSzL tQCojXRO6W+rOq0WUdeDFp7CAMB7IZgZsZljqOUn4Q0wHgzuar0Kq1ZLQEkgoX5V lGJ99yZ74/H1RUDcVKGrdksX0atuf6SfzbTvZ/Osp0z7/NlWzhbCt6emYpSLxyzr 2IMX4T8Y593rDovT6AjOb2D4W0sJqAMfUMrs7+T43lYvEbQY8CoEBOH2St5h6X7Y 2ZIa1XMvMmaN08/QyUq6WqxEz0se9BPtUCC+oFjDlGw0oWrqKs1zzJAIpg0HHPOy j1NpBVPnuZz1WlTT/oGLIIVm6w8wATSKthIXstNtofXpSvJ1J94UntC3+0xga7KD SzaOm9w9kpDEtD0EwArLwak5cSevzdXQR4xfmU5OK/UohsdyTLBOab6iY3htmokk JOWIKZztATN7dq8YGvMfJvIiM1ij8Eg14wsahlwfwMZ+eGSvS5lTWvYsSirnnNFi XTrCfpnrKgrfLkUXhbtH =CdmE -----END PGP SIGNATURE-----

1 0

Authentication methods
by Michal Trojnara 15 May '15

15 May '15

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Users, While reading various 3rd party stunnel tutorials I noticed that they either don't configure authentication, or they recommend insecure configurations. I wrote a short overview of authentication methods available in stunnel: https://www.stunnel.org/auth.html Proper authentication is essential to TLS security. Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJVVXk5AAoJEC78f/DUFuAUN/QP/3m4HX4zWS8SehukDNWw54AB ySAT+XmT8SEo/iuGer/CRYbUWoMDpmwaI9x+whXMg+EBsxGd+nmyE9fkFiFSqOsV vnXc14zuMkQYorWbGtduXdnQ0/jQzWPDOIeKgpyXIsN/OvEhx1A6med9Go/SqaFz couW55wysqpJ9a+3YMtxIjLoCMzIGOZ8TKIHWJiZaBcgp93YCABeoE5hKR4RlxVj OrgHhuyA8yz1EIYUPKTEMuJwqnCl9Mk3FVskKIXgfEcxBzism2n/xJpEIYAWVPRW N8JaaZDojk6dt5oMiMzXUeobigZ82SKuV9MG3aQjuxXAP7IX2vuOa6rQ/85T1OFI PMZMKENM1aAcOVpiq/4OMNKhIG+OuhDm/dla5NC8lsfxDuJ3YESVp/Z0VeW1EWYA BFHxjGw8OA65izTYcvJKl1j7flfSgRELOCf1SMakR+VIUhkWlPQjdHWuW2V5NKgv 5aU0fwPGEpudKdsLFzgaYzhVPjTNfavl8k+xUWHOQyrNvEM9SNbOTyorxY7QA2aQ uyAOrUF8whboBTX59/3gXYI9vaepvT00ktCtQEz3XelkYT9SzCRYV+I+mUqquBd+ 0JQdiSMvOzfNraxT03rzYA6h/Iey9+tj9WnffpmYU5eyTt2bCp+xavzCyEmdQZlq 4LfAPgFYII9+59444dY2 =m51O -----END PGP SIGNATURE-----

1 0

stunnel 5.17 release
by Michal Trojnara 29 Apr '15

29 Apr '15

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Users, I have released version 5.17 of stunnel. The ChangeLog entry: Version 5.17, 2015.04.29, urgency: HIGH: * Bugfixes - Fixed a NULL pointer dereference causing the service to crash. This bug was introduced in stunnel 5.15. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: c3e79e582621a0827125e35e1c00450190104fc02dc3c5274cb02b05859fd472 stunnel-5.17.tar.gz 07a508de3807663f71e4793fd5edb4c57b6c82b4c9008753f8f6c85a17acbeea stunnel-5.17-installer.exe 49d2cc11aefe2062576a0bbfafa3beb5ae541683d90972c6ed457b19a455c346 stunnel-5.17-android.zip Best regards, Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVQSIlAAoJEC78f/DUFuAU5XEP/R2d2gXCeKk7d/466dOYF//A YlXC6oDbs7OB8qEHH3u5u5hl8WIZJOmbPb79APSJKd7ESREoRk97UBJZYoH+QuEB CHOs0czty5IE2QyMibHJZ4Zed23q/QHrTRL9GpZd8EPkmiRG/dq7M+vC0gJJuF+N 4CPCNj464ATtjFB3mPju+wQinnWj8s57kNAazifAQNvM/jhdJOMH+BOvXIGEwUlt iZ8MBwO707j81UWkSFANxn1GMTOoJY2pTTAmJr/eKun9sLbuN7v4ec8Mtwdcj16P 5CeXD1g7gOK5q2FizIUWfBD38nPRVBXMqfSAkjtezwqZJb1K4bfa505E4SY3bKzL CJstbH206rQriqhpV4hrsuGVmb6M7lt57zAJZ746NQtlRm1gLdf/56JclsHqmkqo Z6zAuXRAiarkn88OsERp8r84Y4l8q/D8dkZwYPObSCT+SAMimPzLxhu9sjIKsb1I lSFNS2P9sEw/MhM9yQGfyC0GKzQWrQIONFHP2iCS8+ySEc+6/1b9tB9oiOcsAL1c edWV3m5SQzG7TbsbtApRy6Pvb30O7/5zAJOiBN6Yf5OQ8OyjL4M9+ZKd75qQxsQj IEZNJW/caVz9QwNWc2BQtaUVy7RC0CaTmbebsoQWlKQmzosXMU2QgC/WJ3jQdslz Vc3C3rKKvwGPw1DZLX95 =tC15 -----END PGP SIGNATURE-----

1 0

Fwd: Comments/questions to Debian patches
by Michal Trojnara 21 Apr '15

21 Apr '15

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Users, Peter Pentchev, the Debian package maintainer for the "stunnel4" package, does not reply to my emails. I hope he is still alive and well, just too busy to maintain the package. I decided to share with you my comments to the patches that are applied to the Debian package. Hopefully, someone will find them useful. Mike - -------- Forwarded Message -------- Subject: Comments/questions to Debian patches Date: Tue, 28 Oct 2014 21:13:25 +0100 From: Michal Trojnara <Michal.Trojnara(a)mirt.net> To: Peter Pentchev <roam(a)ringlet.net> Hi Peter, Just a few comments/questions to improve the quality of Debian package. I'll be glad to discuss if you disagree with my opinions. 01-fix-paths.patch The patch description is quite outdated. Translation from sbin to bin was performed upstream in stunnel 4.21 released 27 Oct 2007. 8-) I guess: /usr/bin/stunnel -fd 10 \ should be: /usr/bin/stunnel4 -fd 10 \ Probably this should be added to the next patch: 02-rename-binary.patch 05-logrotate-warning-in-sample-conf.patch Good idea. I'll add it to stunnel 5.07. 08-client-example.patch I've already added this example in stunnel 5.02. Your patch adds it once again. Just remove it. 10-no-zlib-compression.patch I'm completely confused by this patch. According to my tests it only makes stunnel reporting different errors when a user tries to enable compression on Debian. Why would anyone need this patch? 11-no-rle-compression.patch IMHO OpenSSL bugs should be fixed in OpenSSL, and not in stunnel. YMMV 12-restore-pidfile-default.patch I strongly disagree with this approach, as it breaks configuration file compatibility with the upstream. Debian should instead rewrite stunnel.conf when upgrading from stunnel 4.xx. 14-lsb-init-functions.patch 8-) 15-upstream-systemd-libs.patch This (and more) will be included in stunnel 5.07. 16-upstream-sslv23-method.patch This will be included in stunnel 5.07. Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJVNsCAAAoJEC78f/DUFuAUpfUP/j13koMgtnVLfsACIqUEaZw3 1uADOP/Dugqbn/QcwSqWAlcTrf7So98AQrB88xAhN8C3fwP375GmcNmPgJx4RRme fU/Wo0aFaCq0JOReiQkNiyj3pqf+J2NxZlZM5ZpzzpA80x8AlyLqBwPfBAtxgYNJ rb5AyIoGPkzfXM8OSz8YJXZtgXT4lrSCE5djlWHHBqy9ioUZCEuyVXeT5Y90sXOg wOA/EX3fTKEJZckoiNoTPAh9pLZ9M29lLM7wLEu5BFWwh/TtHk0ZFADo3Kzi/+4G Q6h9236DmH1NHA/FzMfFbKEYz/0yeOUMfet8LsRNNRRrFJEp+miMemSYajGMA3IT UVW4UNOa+CppVgkRpVMGfl/Lw53GP63xbLIRuZs17py03hNBHz2pyZneWWKTJEun xJQC4QJ3Z3YYXd71jpHIKjcDBXmIzcG8Z9QylaTywk8MBBBpjuRTXkIAlWWj2Iyk LVRsAgtooUKlQzUoAoseRygDv+Wbp/qVNL1Zogy7PmfORmqZOz08jRpDlXFgjPjR evGztgApTR+FSMO9f052z/Sql0chb5mhtdAtdBKpRE3CgtIrCHfcalSOyeCleHJK NMEbqfed9Oq2WA0/W89ilGtJWRH4v0GnYCfbYhbSoXp9DytdHPbhRUsiJL8LO34b 1cuMSsQ9LjF+3WyRie4m =SrZs -----END PGP SIGNATURE-----

1 0

stunnel 5.16 release
by Michal Trojnara 19 Apr '15

19 Apr '15

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Users, I have released version 5.16 of stunnel. This release only fixes a compilation issue with old versions of gcc. The Win32/Android binaries are basically the same as for version 5.15. The ChangeLog entry: Version 5.16, 2015.04.19, urgency: MEDIUM: * Bugfixes - Fixed compilation with old versions of gcc. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: b6b7e93fb2626eaabae1c8474e1dfa23962cfde8fa35c8602289fcaa4f53608d stunnel-5.16.tar.gz a701e6421c3020cc832ecb0e3a897c427a3838e0e180999ed8d905a9283fbb97 stunnel-5.16-installer.exe 2e559cc300b678fb2d05c2d2d3dc13d16cb44915f0165bea6290f741fccaa54c stunnel-5.16-android.zip Best regards, Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVM7KGAAoJEC78f/DUFuAUWwoQAJUnjUpyNLhjUQxRwScKjgNx AJ5OPZHXwVjX+xvtSSOjlkK/pk5l4SaEbNtq6hwMGliDpowXXDGXeYwNbmACXGuM sZWzdTUC69WKLQcwfTmn5BmsPQtczaCDQdyBVGSII4qg0mFIU4e1GYT0t8od7OcU n17nnRCLEaS2xlDwR5ImMuRjD+BdpEgZdiRXqtJkyjX8+aSRsEtSVjDBJ5wtsYNN 9pyMp8xU+7+sxX5GiLQ8+IcqcUq+W53nMJQZmN5vQ8O2ShxuBeZYdvembPhybvlE NrnfmjvDtl6A0iFs8ZhRRPTJZTKqj88UGhn49g3eQBH+CbNK08GalWCwR/uX8yFb +Z801mNIxJQrPnSlSaWLDPGNQ9GBqxliui1IR+Biv1KpmcPWBDAOI+Y7Hqyy1/5r MUDT9GB4HLZTC6aWtR0IyG30w3CvUmNr+sENu91ewvl0I1Z04yWyK+wQ3L3CbWyk aVBaNmt09pR8zgU9nvw8aAE2MLJ5oCgoangGpO6rEL0frh7TZhzD9sOMMVefKZDY rPPApyOiphH+3nnh9EiM357S9saXJMFe8/gNh6+lNXmYJ0ngMcPybz9mNV+RbbZU P1itA5RYBAwDTEJcpvATEj8ni9YPdDdFVmMrvC7ay5KZo0HWHxH23ryShBN9XYjC diuX4vtV2LMVYV5dlmAj =Eer2 -----END PGP SIGNATURE-----

1 0

stunnel 5.15 release
by Michal Trojnara 16 Apr '15

16 Apr '15

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Users, I have released version 5.15 of stunnel. The ChangeLog entry: Version 5.15, 2015.04.16, urgency: LOW: * New features - Added new service-level options "checkHost", "checkEmail" and "checkIP" for additional checks of the peer certificate subject. These options require OpenSSL version 1.0.2 or higher. - Win32 binary distribution now ships with the Mozilla root CA bundle. This bundle is intended be used together with the new "checkHost" option to validate server certs accepted by Mozilla. - New commandline options "-reload" to reload the configuration file and "-reopen" to reopen the log file of stunnel running as a Windows service (thx to Marc McLaughlin). - Added session persistence based on negotiated TLS sessions. https://en.wikipedia.org/wiki/Load_balancing_%28computing%29#Persistence The current implementation does not support external TLS session caching with sessiond. - MEDIUM ciphers (currently SEED and RC4) are removed from the default cipher list. - The "redirect" option was improved to not only redirect sessions established with an untrusted certificate, but also sessions established without a client certificate. - OpenSSL version checking modified to distinguish FIPS and non-FIPS builds. - Improved compatibility with the current OpenSSL 1.1.0-dev tree. - Removed support for OpenSSL versions older than 0.9.7. The final update for the OpenSSL 0.9.6 branch was 17 Mar 2004. - "sessiond" support improved to also work in OpenSSL 0.9.7. - Randomize the initial value of the round-robin counter. - New stunnel.conf templates are provided for Windows and Unix. * Bugfixes - Fixed compilation against old versions of OpenSSL. - Fixed memory leaks in certificate verification. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: 58ff4645eb5d6bd64e6ddedaa683534302f75625c531e8a6364badcac0541cba stunnel-5.15.tar.gz 08316dc39f72f10f7b28a67e25ddf90f3f189208b09562c12d81478c6ca2e782 stunnel-5.15-installer.exe db96edbe66f1c3524e51f21b47cc541953d1659e746765a43d0272cfe60712b0 stunnel-5.15-android.zip Best regards, Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVL7wqAAoJEC78f/DUFuAU+30P/Ar197tSUJC0+sLBXwddWkm4 J7d9lFThQFECDDSIqaFYfCuecIgGHk8LUVq8nQHh21H1tvpPp7SnYHkzOLsb2w/y G7rLdA+a8BgRTUF3rMxTyghL78Yor88OLI8J93U7pkQkl0bIZpiITn838R5x9/NP +nGTgqy3U5tNoXALBQ/tLZCNML/XaEyxfrbdStOslV5Ay3m23RPw9wqgD4tJoWqe 5x52sMmLh0nhE5lX3xAKxzabVcioAaqVlBEgK1/ZKJj709Olcv14HZcOWzWhWkka MR0ItrZMkYf3lLk/StDm3s2BakKRraRustxlK8wAV4ci7t/IBnWshIpYIij9Nzct HNOT10GjWpN6pwwixNcMBUn7/wDNjiRVw/1n/keL84qSYry54Czo1LpBra1lMCmg 8WENkpJbaNFHvXI4rEzZkiPdlG16tXHF33CcYxwrT8bCXa+Uk4i8c98TJ2jfOaUv VFVLWxFtK4ydoppgOo2eRuymVPNK4HbLZnLPL874xPlHpYjRl5ndClLeDpkDzgJv 8y6zdYwJLFbinWGGHTZIVlyQQfKzB1NDCfXxknsbxtCpZt5Ja0Ka+oS6kcOMZz6f CjYpmd52wjEtAoxxxsjGGrYsO3q0sn0UU3Kc97lGGS/MsgbXFYDnSGqP+p8lzDoq urHG9EjMxXNMcnmKp9JQ =XLyZ -----END PGP SIGNATURE-----

1 0

stunnel 5.14 release
by Michal Trojnara 25 Mar '15

25 Mar '15

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Dear Users, I have released version 5.14 of stunnel. The ChangeLog entry: Version 5.14, 2015.03.25, urgency: HIGH: * Security bugfixes - The "redirect" option now also redirects clients on SSL session reuse. In stunnel versions 5.00 to 5.12 reused sessions were never redirected regardless of their certificate verification result. This vulnerability was reported by Johan Olofsson. * New features - Windows service is automatically restarted after upgrade. * Bugfixes - Fixed a memory allocation error during Unix daemon shutdown. - Fixed handling multiple connect/redirect destinations. - OpenSSL FIPS builds are now correctly reported on startup. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: 2197b4fc1db82eba69c8baf1fac30f0767af26e9f8c7e9e1d5a4a8fbb264695a stunnel-5.14.tar.gz 29364b3f07a84245fe1b0f8373d96c9924650a8058e602670a67a2da07a801bd stunnel-5.14-installer.exe e3b48534bb4a5f8237e4ed1aa4990ed8485bdf97f6e0b8da2507dbd9b5cad34c stunnel-5.14-android.zip Best regards, Mike -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVEs/mAAoJEC78f/DUFuAUNq4P/A7Ap1NkzfhZQJWJMJthar1P hoVHIzuH7dGbRt4C5s0PgbC4S9UOz8wdcKbsNcPJRQf0PXP5oVARo2bx+3dV9uAC /6GRL+a5Rj8HU5vG4UX/9D5D0pvwcyFkk7sIxUhyeKSHcEH354Vgw0AlJM6GiWKG nwE5RJ3JTdxi8A4e10p3ZKnPg4Y0eWmpkm1qkqH9RWKj9+BbLaPt7ZvRBNYNicq3 3BtVaJ5KLGvWaQRww+llhvPnR2K+h7PnJiaIKm/cIHzbP8VLjoVWy/Dk5EOku6Zg iCfz8uFzezz+9NwwjjEl2KfGUNdBaZf02R2LqN57pTZyBPZNVH9G7IE1/BGJh7Ai f440LTC29OB7qnJThDRdU16x/Iz+NTcc1QFK4x7eTD+nTouUuyZh9Md0x4DD9jwk CL3dHZ6abUO9j7V04Sb8+wfWzP/pZdilWLyY1jj8L41EPXyb0DE3ZsrHyN7lJ2Fx OihfevJhB9bzCzXiLg0oW61YRUm5prRTxMaeTAC53fITlvx0yf9pHFNy0OtoTNr+ t0Skf/LMaZnvU0rE0UBSjqQbpKNaRff5zsGrI/NLgk98X/NTdakgrgsS0jjaQgYm 7mgH4mKoI9qL2YUMw7d9eGg8j8I9qewhaQYjVz4kGoq9YOCVhh69XormcGMAXXjY gf3RNVLzQH4N19TYz5a8 =lrVy -----END PGP SIGNATURE-----

1 0

← Newer
1
2
3
4
5
6
7
8
...
15
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

stunnel-announce