Dear users,
The list address has been changed from stunnel-announce(a)stunnel.org
to stunnel-announce(a)lists.stunnel.org. Please let me know if you
experience any issues caused by this change.
Best regards,
Mike
Dear Users,
I have released version 5.77 of stunnel.
### Version 5.77, 2026.02.17, urgency: MEDIUM
* Security bugfixes
- OpenSSL DLLs updated to version 3.5.5.
* Bugfixes
- Avoid attempting to fetch OCSP stapling for PSK-only configuration
sections.
* Features
- Merged applicable patches from Fedora and Debian:
- Use SOURCE_DATE_EPOCH for reproducible builds.
- Skip the OpenSSL version check when AUTOPKGTEST_TMP is set.
- Enable PrivateTmp in the stunnel.service template.
- Clarify the manual page for the "curves" option.
- Log client IP addresses on TLS errors.
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
ec026f4fae4e0d25b940cc7a9451d925e359e7fd59e9edad20baea66ce45f263
stunnel-5.77.tar.gz
59ba0c5330de85ef474164b40cc559b2eb4e2b8d788c48b564e2257efa236384
stunnel-5.77-win64-installer.exe
718431a1d3c889806b61d6f082bbfaaa29529ce422d8115ad2211574dfb89ec1
stunnel-5.77-android.zip
Best regards,
Mike
Dear Users,
I have released version 5.76 of stunnel.
### Version 5.76, 2025.10.18, urgency: MEDIUM
* Security bugfixes
- OpenSSL DLLs updated to version 3.5.4.
- Service-level multivalued options now override (rather than
append to) global defaults, preventing unintended configurations.
* Bugfixes
- Fixed enabling/disabling of the default fips=yes property.
- Missing OCSP stapling is no longer logged as an error.
- Fixed a crash when a PIN was required due to the PKCS#11
CKA_ALWAYS_AUTHENTICATE attribute.
* Features
- Quantum-resistant hybrid key agreement X25519+ML-KEM-768
(X25519MLKEM768) used by default with OpenSSL 3.5+ and TLS 1.3.
- Multiple cert sources are supported, allowing a certificate to
be fetched from a provider while loading the chain from a file.
- Android build switched to a 16 KB page size.
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
cda37eb4d0fb1e129718ed27ad77b5735e899394ce040bb2be28bbb937fd79e1
stunnel-5.76.tar.gz
d93c7c01366d38ebd27689d606e45197ba8e2e2a32d1a186a81d2b01186bfb56
stunnel-5.76-win64-installer.exe
f081281c92f6dc245e23d57930f3963d0155a9fc4a707b7414c941e8e60a1957
stunnel-5.76-android.zip
Best regards,
Mike
Dear Users,
I have released version 5.75 of stunnel.
### Version 5.75, 2025.05.26, urgency: MEDIUM
* Security bugfixes
- OpenSSL DLLs updated to version 3.4.1.
- OpenSSL FIPS Provider updated to version 3.1.2.
* Bugfixes
- Fixed infinite loop triggered by OCSP URL parsing errors
(thx to Richard Könning for reporting).
- Fixed OPENSSL_NO_OCSP build issues
(thx to Dmitry Mostovoy for reporting).
- Fixed default curve selection in FIPS mode with OpenSSL 3.4+.
- Fixed tests with modern Python versions.
- Fixed tests with multiple OpenSSL versions installed.
* Features
- Added provider URI support for "cert" and "key" options.
- Added new "CAstore" service-level option (OpenSSL 3.0+).
- Added "provider" (OpenSSL 3.0+), "providerParameter"
(OpenSSL 3.5+), and "setEnv" global options.
- Key file/URI path added to passphrase prompt on Unix.
- PKCS#11 provider installed on Windows.
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
0c1ef0ed85240974dccb94fe74fb92d6383474c7c0d10e8796d1f781a3ba5683
stunnel-5.75.tar.gz
18ec3b83bda9143c79479ecdc1e3ecf515eeb8a8b11e6ea3a6856cd77399317d
stunnel-5.75-win64-installer.exe
d1a04ec51840d8cbf5fb6d897d2eb999af573b5b66268fdec109cddaff2acfb7
stunnel-5.75-android.zip
Best regards,
Mike
Dear Users,
I have released version 5.74 of stunnel.
### Version 5.74, 2024.12.13, urgency: HIGH
* Bugfixes
- Fixed a stapling cache deallocation crash.
- Fixed "redirect" with protocol negotiation.
* Features
- "protocolHost" support for "socks" protocol clients.
- More detailed logs in OpenSSL 3.0 or later.
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
9bef235ab5d24a2a8dff6485dfd782ed235f4407e9bc8716deb383fc80cd6230
stunnel-5.74.tar.gz
8ce19cc782a64b0cacf32356249265ed16b3888e3578454853f5497726778d76
stunnel-5.74-win64-installer.exe
68c3395c1bebcc8b4eee2c7f58190aa2fe39b835dd7a4cce5ad37d5dfc1c5542
stunnel-5.74-android.zip
Best regards,
Mike
Dear Users,
I have released version 5.73 of stunnel.
### Version 5.73, 2024.09.09, urgency: MEDIUM
* Security bugfixes
- OpenSSL DLLs updated to version 3.3.2.
- OpenSSL FIPS Provider updated to version 3.0.9.
* Bugfixes
- Fixed a memory leak while reloading stunnel.conf
sections with "client=yes" and "delay=no".
- Fixed TIMEOUTocsp with values greater than 4.
- Fix the IPv6 test on a non-IPv6 machine.
* Features
- HELO replaced with EHLO in the post-STARTTLS SMTP
protocol negotiation (thx to Peter Pentchev).
- OCSP stapling fetches moved away from server threads.
- Improved client-side session resumption.
- Added support for the mimalloc allocator.
- Check for protocolHost moved to configuration file
processing for the client-side CONNECT protocol.
- Clarified some confusing OpenSSL's certificate
verification error messages.
- stunnel.nsi updated for Debian 13 and Fedora.
- Improved NetBSD compatibility.
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
bc917c3bcd943a4d632360c067977a31e85e385f5f4845f69749bce88183cb38
stunnel-5.73.tar.gz
d686b1a4135947718e7a8157a8cb6694ed50e2267713de1972941148a8859789
stunnel-5.73-win64-installer.exe
9d6065ea1e7fa59405b5a152eeeaed9296bd5a0d2b11964800e95867e7391f16
stunnel-5.73-android.zip
Best regards,
Mike
Dear Users,
I have released version 5.72 of stunnel.
### Version 5.72, 2024.02.04, urgency: MEDIUM
* Security bugfixes
- OpenSSL DLLs updated to version 3.2.1.
* Bugfixes
- Fixed SSL_CTX_new() errors handling.
- Fixed OPENSSL_NO_PSK builds.
- Android build updated for NDK r23c.
- stunnel.nsi updated for Debian 12.
- Fixed tests with OpenSSL older than 1.0.2.
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
3d532941281ae353319735144e4adb9ae489a10b7e309c58a48157f08f42e949
stunnel-5.72.tar.gz
1037c53f8ab590c2f3001e54cf381c3ea4225e9670b03870191383060e6851e7
stunnel-5.72-win64-installer.exe
668161b90034820198c456b4137ed3680d6fd49d4de920d51e499b84538f63d3
stunnel-5.72-android.zip
Best regards,
Mike
Dear Users,
I have released version 5.71 of stunnel.
### Version 5.71, 2023.09.19, urgency: MEDIUM
* Security bugfixes
- OpenSSL DLLs updated to version 3.1.3.
* Bugfixes
- Fixed the console output of tstunnel.exe.
* Features sponsored by SAE IT-systems
- OCSP stapling is requested and verified in the client mode.
- Using "verifyChain" automatically enables OCSP
stapling in the client mode.
- OCSP stapling is always available in the server mode.
- An inconclusive OCSP verification breaks TLS negotiation.
This can be disabled with "OCSPrequire = no".
- Added the "TIMEOUTocsp" option to control the maximum
time allowed for connecting an OCSP responder.
* Features
- Added support for Red Hat OpenSSL 3.x patches.
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
f023aae837c2d32deb920831a5ee1081e11c78a5d57340f8e6f0829f031017f5
stunnel-5.71.tar.gz
945df5118473bcbf1ecdc5561fd6f26743c5dd1fd82e1a25199d0fd5c39a9373
stunnel-5.71-win64-installer.exe
d511df533bb89464a324b2439e7e04b24b6ce26ecc0e03b67ada307725343d40
stunnel-5.71-android.zip
Best regards,
Mike
Dear Users,
I have released version 5.70 of stunnel.
### Version 5.70, 2023.07.12, urgency: HIGH
* Security bugfixes
- OpenSSL DLLs updated to version 3.0.9.
- OpenSSL FIPS Provider updated to version 3.0.8.
* Bugfixes
- Fixed TLS socket EOF handling with OpenSSL 3.x.
This bug caused major interoperability issues between
stunnel built with OpenSSL 3.x and Microsoft's
Schannel Security Support Provider (SSP).
- Fixed reading certificate chains from PKCS#12 files.
* Features
- Added configurable delay for the "retry" option.
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
7bbc7b9e9a988d76301325db4c110ec360a98ffb8a221c7accbff9c0a8bae2f3
stunnel-5.70.tar.gz
c50fb79329ddbf095e65ba8817a0249188aa5b25f15557f8504d8f65876034d9
stunnel-5.70-win64-installer.exe
df87f71596ddd8730a5394fd3795b32689664816c0aa87e206e94fdab540f672
stunnel-5.70-android.zip
Best regards,
Mike
Dear Users,
I have released version 5.69 of stunnel.
### Version 5.69, 2023.03.04, urgency: MEDIUM
* New features
- Improved logging performance with the "output" option.
- Improved file read performance on the WIN32 platform.
- DH and kDHEPSK ciphersuites removed from FIPS defaults.
- Set the LimitNOFILE ulimit in stunnel.service to allow
for up to 10,000 concurrent clients.
* Bugfixes
- Fixed the "CApath" option on the WIN32 platform by
applying https://github.com/openssl/openssl/pull/20312.
- Fixed stunnel.spec used for building rpm packages.
- Fixed tests on some OSes and architectures by merging
Debian 07-tests-errmsg.patch (thx to Peter Pentchev).
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
1ff7d9f30884c75b98c8a0a4e1534fa79adcada2322635e6787337b4e38fdb81 stunnel-5.69.tar.gz
66c4f3bbb94c4a274f2e8e98e3d44e74c0460d6494986f0a94b9b8becdc63cc3 stunnel-5.69-win64-installer.exe
74813a0be13270b5348fc4bc7c16ada668d151773be19f404db1176b7e22aafc stunnel-5.69-android.zip
Best regards,
Mike
