Dear Users,
I have released version 5.50 of stunnel.

Version 5.50, 2018.12.02, urgency: MEDIUM
* New features
  - 32-bit Windows builds replaced with 64-bit builds.
  - OpenSSL DLLs updated to version 1.1.1.
  - Check whether "output" is not a relative file name.
  - Major code cleanup in the configuration file parser.
  - Added sslVersion, sslVersionMin and sslVersionMax
    for OpenSSL 1.1.0 and later.
* Bugfixes
  - Fixed PSK session resumption with TLS 1.3.
  - Fixed a memory leak in WIN32 logging subsystem.
  - Allow for zero value (ignored) TLS options.
  - Partially refactored configuration file parsing
    and logging subsystems for clearer code and minor
    bugfixes.
* Caveats
  - We removed FIPS support from our standard builds.
    FIPS will still be available with bespoke builds.

Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html

SHA-256 hashes:
951d92502908b852a297bd9308568f7c36598670b84286d3e05d4a3a550c0149  stunnel-5.50.tar.gz
e855d58a05dca0943a5da8d030b5904630ee9cff47c3d747d326e151724f3bc8  stunnel-5.50-win64-installer.exe
ad6c952cd26951c5a986efe8034b71af07c951e11d06e0b0ce73ef82594b1041  stunnel-5.50-android.zip

Best regards,
Mike

Hi!
On 2018-12-03 00:10, Michal Trojnara wrote:
> - 32-bit Windows builds replaced with 64-bit builds.
> - OpenSSL DLLs updated to version 1.1.1.
Nice, thanks! But...
> - Fixed PSK session resumption with TLS 1.3.
Is this related to Zizhong's posting? Because I am using PSK and now the connection fails unless I disable TLS 1.3:

2018.12.03 10:39:36 LOG7[ui]: Found 1 ready file descriptor(s)
2018.12.03 10:39:36 LOG7[ui]: FD=4 events=0x2001 revents=0x0
2018.12.03 10:39:36 LOG7[ui]: FD=8 events=0x2001 revents=0x1
2018.12.03 10:39:36 LOG7[ui]: Service [xxxxxx] accepted (FD=3) from ::ffff:xxxxxxxxxxxxxx:52864
2018.12.03 10:39:36 LOG7[1]: Service [xxxxxx] started
2018.12.03 10:39:36 LOG7[1]: Setting local socket options (FD=3)
2018.12.03 10:39:36 LOG7[1]: Option TCP_NODELAY set on local socket
2018.12.03 10:39:36 LOG5[1]: Service [xxxxxx] accepted connection from ::ffff:xxxxxxxxxxxxxx:52864
2018.12.03 10:39:36 LOG6[1]: Peer certificate not required
2018.12.03 10:39:36 LOG7[1]: TLS state (accept): before SSL initialization
2018.12.03 10:39:36 LOG7[1]: TLS state (accept): before SSL initialization
2018.12.03 10:39:36 LOG5[1]: Key configured for PSK identity "xxxxxxx"
2018.12.03 10:39:36 LOG7[1]: TLS alert (write): fatal: internal error
2018.12.03 10:39:36 LOG7[1]: Deallocating application specific data for session connect address
2018.12.03 10:39:36 LOG3[1]: SSL_accept: 141F9044: error:141F9044:SSL routines:tls_parse_ctos_psk:internal error
2018.12.03 10:39:36 LOG5[1]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2018.12.03 10:39:36 LOG7[1]: Local descriptor (FD=3) closed
2018.12.03 10:39:36 LOG7[1]: Service [xxxxxx] finished (0 left)

Server has OpenSSL 1.1.1 on Linux (F29), client has the included OpenSSL 1.1.1a on Windows. The client merely logs "SSL_connect: Peer suddenly disconnected".

Regards,
Jakob

Hello,
Jakob Hirsch jh@plonk.de wrote:
> > - Fixed PSK session resumption with TLS 1.3.
>
> Is this related to Zizhong's posting? Because I am using PSK and now the connection fails unless I disable TLS 1.3:
>
> Server has OpenSSL 1.1.1 on Linux (F29), client has the included OpenSSL 1.1.1a on Windows. The client merely logs "SSL_connect: Peer suddenly disconnected".

I believe it is related to my previous posting. In my tests, I can confirm that stunnel has fixed the PSK session resumption issue with TLS v1.3 now. Thank you Michal!
Unfortunately, I was unable to replicate your error with Fedora 29 (OpenSSL 1.1.1) and the latest Windows binary.
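
Added example, not part of the original thread or of stunnel itself: a small Python triage script that pulls failed TLS handshakes out of a stunnel log in the format Jakob quotes, pairing each error with the peer and PSK identity logged for the same connection. The sample log is constructed; the service name, identities and addresses in it are placeholders.

```python
import re

# Constructed sample in the stunnel log format quoted in the thread above.
# Service name, PSK identities and peer addresses are placeholders.
SAMPLE_LOG = """\
2018.12.03 10:39:36 LOG5[1]: Service [example] accepted connection from ::ffff:192.0.2.10:52864
2018.12.03 10:39:36 LOG5[1]: Key configured for PSK identity "client1"
2018.12.03 10:39:36 LOG7[1]: TLS alert (write): fatal: internal error
2018.12.03 10:39:36 LOG3[1]: SSL_accept: 141F9044: error:141F9044:SSL routines:tls_parse_ctos_psk:internal error
2018.12.03 10:39:36 LOG5[1]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2018.12.03 10:40:02 LOG5[2]: Service [example] accepted connection from ::ffff:192.0.2.11:40112
2018.12.03 10:40:02 LOG5[2]: Key configured for PSK identity "client2"
2018.12.03 10:40:03 LOG5[2]: Connection closed: 120 byte(s) sent to TLS, 64 byte(s) sent to socket
"""

# "<date> <time> LOG<level>[<id>]: <message>"; a lower level is more severe.
LINE = re.compile(r'^(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) LOG(\d)\[(\w+)\]: (.*)$')
ACCEPT = re.compile(r'^Service \[(.+?)\] accepted connection from (\S+)$')
PSK = re.compile(r'^Key configured for PSK identity "(.*)"$')
FAIL = re.compile(r'^(SSL_accept|SSL_connect): (.*)$')


def failed_handshakes(log_text):
    """Return one record per connection whose TLS handshake logged an error."""
    conns = {}      # log id -> details of the connection currently using it
    failures = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip wrapped or foreign lines
        ts, level, cid, msg = m.group(1), int(m.group(2)), m.group(3), m.group(4)
        if (a := ACCEPT.match(msg)):
            # A new connection on this id replaces any stale state.
            conns[cid] = {"time": ts, "service": a.group(1),
                          "peer": a.group(2), "psk_identity": None}
        elif (p := PSK.match(msg)) and cid in conns:
            conns[cid]["psk_identity"] = p.group(1)
        elif level <= 3 and (f := FAIL.match(msg)) and cid in conns:
            failures.append({**conns.pop(cid),
                             "call": f.group(1), "error": f.group(2)})
    return failures


if __name__ == "__main__":
    for rec in failed_handshakes(SAMPLE_LOG):
        print(rec)
```

Grouping the results by the `error` field separates a failure that hits every PSK client after an upgrade from one tied to a single identity or peer.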