Question on trying to setup stunnel 5.76 on Fedora 42/43 system.
Run into some issues with trying to upgrade the stunnel to 5.76 version while Fedora repos version is still at 5.75.

Found one thing that showed using these configuration options.

./configure \
--sysconfdir=/etc \
--localstatedir=/var \
--enable-systemd \
--with-ssl=/usr

But using it, the stunnel 5.76 is still installing in /usr/local/bin?

Also, finding the systemctl status stunnel is still showing the /usr/bin/stunnel 5.75 being run?

Removed the fedora repo version, and then systemctl no longer shows a service for stunnel, but run it manually at boot, and it works fine.

Seems the fedora version has an ENGINE option that the stunnel option doesn't.

stunnel -version
Initializing inetd mode configuration
stunnel 5.76 on x86_64-pc-linux-gnu platform
Compiled/running with OpenSSL 3.2.6 30 Sep 2025
Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:FIPS,OCSP,PSK,SNI

Global options:
fips = no
RNDbytes = 1024
RNDfile = /dev/urandom
RNDoverwrite = yes

Service-level options:
ciphers = FIPS:!DH:!kDHEPSK (with "fips = yes")
ciphers = HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK (with "fips = no")
ciphersuites = TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256 (with TLSv1.3)
curves = P-256:P-521:P-384 (with "fips = yes")
curves = X25519:P-256:X448:P-521:P-384 (with "fips = no")
debug = daemon.notice
logId = sequential
options = NO_SSLv2
options = NO_SSLv3
securityLevel = 2
sessionCacheSize = 1000
sessionCacheTimeout = 300 seconds
stack = 131072 bytes
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
TIMEOUTocsp = 5 seconds
verify = none

Know that sometimes the fedora repo doesn't update each time, or it takes more time?

Is there a way to install the latest version and have the systemd setup to work.

At present, have the Fedora repo version uninstalled, and run the stunnel in rc.local?

Thanks.

+------------------------------------------------------------+
Michael D. Setzer II - Computer Science Instructor (Retired)
mailto:mikes@guam.net
mailto:msetzerii@gmail.com
mailto:msetzerii@gmx.com
Guam - Where America's Day Begins
G4L Disk Imaging Project maintainer
http://sourceforge.net/projects/g4l/
+------------------------------------------------------------+
12 Feb 2026 21:14:14 Michael D. Setzer II via stunnel-users <stunnel-users@stunnel.org>:
Run into some issues with trying to upgrade the stunnel to 5.76 version while Fedora repos version is still at 5.75.
Found one thing that showed using these configuration options.

./configure \
--sysconfdir=/etc \
--localstatedir=/var \
--enable-systemd \
--with-ssl=/usr
But using it, the stunnel 5.76 is still installing in /usr/local/bin?
Installing custom software in system locations is a bad idea. Use /usr/local/ (the default) or /opt/stunnel/.

If you really need to break your package manager, use --prefix and --bindir.

Also, systemd socket activation is enabled by default if the required packages are installed. Running stunnel from rc.local works for you, so you likely don't use/need socket activation. systemd socket activation and systemd .service file are *not* the same.
Removed the fedora repo version, and then systemctl no longer shows a service for stunnel, but run it manually at boot, and it works fine.
There is a stunnel.service file distributed with stunnel that you could use.
Seems the fedora version has an ENGINE option that the stunnel option doesn't.
https://fedoraproject.org/wiki/Changes/OpensslNoBuildEngine I guess.

Fedora guys seem eager to remove useful features they don't like. Feel free to complain to them.

And no, stunnel cannot support an OpenSSL feature that was disabled when building your OpenSSL library.
Know that sometimes the fedora repo doesn't update each time, or it takes more time?
Consider contacting the stunnel package manager in Fedora. The upstream project has no control over individual distros packaging our work.
Is there a way to install the latest version and have the systemd setup to work.
A few ways actually, including building an rpm for your distro.
At present, have the Fedora repo version uninstalled, and run the stunnel in rc.local?
This works as well if you haven't configured the stunnel.service file.

Best regards, Mike
One quick note. Added the options.

setuid = nobody
setgid = nobody

But Fedora didn't like using nogroup

;setuid = nobody
;setgid = nogroup

so used nobody for both, and that did start, and seems to work fine. Use stunnel with Pegasus Mail to access 3 ISPs. Thanks again.

stunnel 5.76 on x86_64-pc-linux-gnu platform
Compiled/running with OpenSSL 3.2.6 30 Sep 2025
Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:FIPS,OCSP,PSK,SNI

On 12 Feb 2026 at 23:20, Michał Trojnara via stunnel wrote:
12 Feb 2026 21:14:14 Michael D. Setzer II via stunnel-users <stunnel-users@stunnel.org>:
Run into some issues with trying to upgrade the stunnel to 5.76 version while Fedora repos version is still at 5.75.
Found one thing that showed using these configuration options.

./configure \
--sysconfdir=/etc \
--localstatedir=/var \
--enable-systemd \
--with-ssl=/usr
But using it, the stunnel 5.76 is still installing in /usr/local/bin?
Installing custom software in system locations is a bad idea. Use /usr/local/ (the default) or /opt/stunnel/.
If you really need to break your package manager, use --prefix and --bindir.
Also, systemd socket activation is enabled by default if the required packages are installed. Running stunnel from rc.local works for you, so you likely don't use/need socket activation. systemd socket activation and systemd .service file are *not* the same.
Removed the fedora repo version, and then systemctl no longer shows a service for stunnel, but run it manually at boot, and it works fine.
There is a stunnel.service file distributed with stunnel that you could use.
Seems the fedora version has an ENGINE option that the stunnel option doesn't.
https://fedoraproject.org/wiki/Changes/OpensslNoBuildEngine I guess.
Fedora guys seem eager to remove useful features they don't like. Feel free to complain to them.
And no, stunnel cannot support an OpenSSL feature that was disabled when building your OpenSSL library.
Know that sometimes the fedora repo doesn't update each time, or it takes more time?
Consider contacting the stunnel package manager in Fedora. The upstream project has no control over individual distros packaging our work.
Is there a way to install the latest version and have the systemd setup to work.
A few ways actually, including building an rpm for your distro.
At present, have the Fedora repo version uninstalled, and run the stunnel in rc.local?
This works as well if you haven't configured the stunnel.service file.
Best regards, Mike
+------------------------------------------------------------+
Michael D. Setzer II - Computer Science Instructor (Retired)
mailto:mikes@guam.net
mailto:msetzerii@gmail.com
mailto:msetzerii@gmx.com
Guam - Where America's Day Begins
G4L Disk Imaging Project maintainer
http://sourceforge.net/projects/g4l/
+------------------------------------------------------------+
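
Added example, not part of either poster's messages or of stunnel itself: a pre-flight check for the two snags in this thread, namely more than one stunnel binary on the system and a setuid/setgid account that does not exist on the distro (nogroup on Fedora). The function names are illustrative, and the check assumes accounts live in the local /etc/passwd and /etc/group files.

```sh
#!/bin/sh
# Added example: pre-flight checks for a locally built stunnel.
# Function names are illustrative; they are not part of stunnel.

# Print every executable "stunnel" on a PATH-style list, in search order.
# The first hit is what a bare "stunnel" runs; a unit file with an absolute
# ExecStart= path may still start a different copy.
find_stunnel() {  # find_stunnel [PATHLIST]
    old_ifs=$IFS; IFS=:
    for dir in ${1:-$PATH}; do
        if [ -f "$dir/stunnel" ] && [ -x "$dir/stunnel" ]; then
            printf '%s\n' "$dir/stunnel"
        fi
    done
    IFS=$old_ifs
}

# Last uncommented "KEY = value" in a stunnel config; lines starting with
# ";" or "#" never match because the pattern is anchored at the option name.
conf_value() {  # conf_value KEY FILE
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# True if NAME matches the name or numeric-id column of a passwd/group file.
id_exists() {  # id_exists NAME DBFILE
    awk -F: -v n="$1" '$1 == n || $3 == n { ok = 1 } END { exit !ok }' "$2"
}

# 0 = both accounts resolve, 1 = option missing, 2 = unknown user or group.
# Assumes local /etc/passwd and /etc/group (no LDAP/sssd accounts).
check_drop_privs() {  # check_drop_privs CONF [PASSWD_FILE] [GROUP_FILE]
    user=$(conf_value setuid "$1")
    group=$(conf_value setgid "$1")
    if [ -z "$user" ] || [ -z "$group" ]; then
        echo "setuid/setgid not both set: no privilege drop configured"
        return 1
    fi
    id_exists "$user" "${2:-/etc/passwd}" || { echo "no such user: $user"; return 2; }
    id_exists "$group" "${3:-/etc/group}" || { echo "no such group: $group"; return 2; }
    echo "ok: drops to $user:$group"
}

# Stand-alone use: sh preflight.sh /path/to/stunnel.conf
if [ "$#" -ge 1 ]; then
    find_stunnel
    check_drop_privs "$1"
fi
```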