[stunnel-users] stunnel 4.37 released
Michal Trojnara
Michal.Trojnara at mirt.net
Fri Jun 17 23:15:31 CEST 2011
Dear Users,
I have just released version 4.37 of stunnel. This release is mainly
intended to fix bugs and portability issues introduced in versions
4.35 and 4.36.
This version also provides new security defaults, updated to better
match current best practices in cryptographic applications.
The ChangeLog entry:
Version 4.37, 2011.06.17, urgency: MEDIUM:
* New features
- Client-side SNI implemented (RFC 3546 section 3.1).
- Default "ciphers" changed from the OpenSSL default to a more secure
and faster "RC4-MD5:HIGH:!aNULL:!SSLv2".
A paranoid (and usually slower) setting would be "HIGH:!aNULL:!
SSLv2".
- Recommended "options = NO_SSLv2" added to the sample stunnel.conf
file.
- Default client method upgraded from SSLv3 to TLSv1.
To connect servers without TLS support use "sslVersion = SSLv3"
option.
- Improved --enable-fips and --disable-fips ./configure option
handling.
- On startup stunnel now compares the compiled version of OpenSSL
against
the running version of OpenSSL. A warning is logged on mismatch.
* Bugfixes
- Non-blocking socket handling in local mode fixed (Debian bug
#626856).
- UCONTEXT threading mode fixed.
- Removed the use of gcc Thread-Local Storage for improved
portability.
- va_copy macro defined for platforms that do not have it.
- Fixed "local" option parsing on IPv4 systems.
- Solaris compilation fix (redefinition of "STR").
Home page: http://www.stunnel.org/
Download: ftp://ftp.stunnel.org/stunnel/
SHA-256 hash for stunnel-4.37.tar.gz:
02ca30609ccb26f6e52ff7eb79a6778ea452a04432eaef7d959d19933f6fe109
Best regards,
Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20110617/2efa4a3a/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20110617/2efa4a3a/attachment.sig>
More information about the stunnel-users
mailing list