Version 4.37, 2011.06.17, urgency: MEDIUM:
* New features
- Client-side SNI implemented (RFC 3546 section 3.1).
- Default "ciphers" changed from the OpenSSL default to a more secure
and faster "RC4-MD5:HIGH:!aNULL:!SSLv2".
A paranoid (and usually slower) setting would be "HIGH:!aNULL:!SSLv2".
- Recommended "options = NO_SSLv2" added to the sample stunnel.conf file.
- Default client method upgraded from SSLv3 to TLSv1.
To connect servers without TLS support use "sslVersion = SSLv3" option.
- Improved --enable-fips and --disable-fips ./configure option handling.
- On startup stunnel now compares the compiled version of OpenSSL against
the running version of OpenSSL. A warning is logged on mismatch.
* Bugfixes
- Non-blocking socket handling in local mode fixed (Debian bug #626856).
- UCONTEXT threading mode fixed.
- Removed the use of gcc Thread-Local Storage for improved portability.
- va_copy macro defined for platforms that do not have it.
- Fixed "local" option parsing on IPv4 systems.
- Solaris compilation fix (redefinition of "STR").