Dear Users,
I have released version 5.51 of stunnel.
Version 5.51, 2019.04.04, urgency: MEDIUM * New features - Hexadecimal PSK keys are automatically converted to binary. - Session ticket support (requires OpenSSL 1.1.1 or later). "connect" address persistence is currently unsupported with session tickets. - SMTP HELO before authentication (thx to Jacopo Giudici). - New "curves" option to control the list of elliptic curves in OpenSSL 1.1.0 and later. - New "ciphersuites" option to control the list of permitted TLS 1.3 ciphersuites. - Include file name and line number in OpenSSL errors. - Compatibility with the current OpenSSL 3.0.0-dev branch. - Better performance with SSL_set_read_ahead()/SSL_pending(). * Bugfixes - Fixed PSKsecrets as a global option (thx to Teodor Robas). - Fixed a memory allocation bug (thx to matanfih).
Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html
SHA-256 hashes: 77437cdd1aef1a621824bb3607e966534642fe90c69f4d2279a9da9fa36c3253 stunnel-5.51.tar.gz a0e26fde3ba09d6545cfbb44cab06ebd4ddf9c4b536e7d8eb76615ab54b2339c stunnel-5.51-win64-installer.exe ee90bef40cb47617fe7372707dba119f5176cb0fd9eb1bc00cdd1e2c370041db stunnel-5.51-android.zip
Best regards, Mike
Hi!
On 2019-04-04 22:43, Michal Trojnara wrote:
- Hexadecimal PSK keys are automatically converted to binary.
i.e., everything that contains only hex characters ([0-9a-f]+) will be considered a a hex key? I really like that, but that's a breaking change for people using a key that consists of hex chars (and don't keep client/server version in sync). This may sound stupid, as you vastly limit your key space, but mitigated by simply doubling your key size. Maybe not many people are using such keys (or PSK in general), though...
The good news is, that PSK connections now also work with TLSv1.3, so: Yay!
-
Jakob Hirsch -
Michal Trojnara