Dear Users,
I have released version 4.43 of stunnel.
The ChangeLog entry:
Version 4.43, 2011.09.07, urgency: MEDIUM:
* New features
- Updated Win32 DLLs for OpenSSL 1.0.0e.
- Major optimization of the logging subsystem.
Benchmarks indicate up to 15% performance improvement.
* Bugfixes
- Fixed WIN32 configuration file reload.
- Fixed FORK and UCONTEXT threading models.
- Corrected INSTALL.W32 file.
Home page: http://www.stunnel.org/
Download: ftp://ftp.stunnel.org/stunnel/
SHA-256 hash for stunnel-4.43.tar.gz:
93a002d9e1652d7684756af75b44b00f99aa93574e8a5a2e69f88656221d5ce2
Best regards,
Mike
Dear Users,
I have released version 4.42 of stunnel. This is a security bugfix
release. Upgrade is highly recommended!
The ChangeLog entry:
Version 4.42, 2011.08.18, urgency: HIGH:
* New features
- New verify level 0 to request and ignore peer certificate. This
feature is useful with the new Windows GUI menu to save cached peer
certificate chains, as SSL client certificates are not sent by
default.
- Manual page has been updated.
- Removed support for changing Windows Service name with "service"
option.
* Bugfixes
- Fixed a heap corruption vulnerability in versions 4.40 and 4.41.
It may possibly be leveraged to perform DoS or remote code execution
attacks.
- The -quiet commandline option was applied to *all* message boxes.
- Silent install (/S option) no longer attempts to create
stunnel.pem.
Home page: http://www.stunnel.org/
Download: ftp://ftp.stunnel.org/stunnel/
SHA-256 hash for stunnel-4.42.tar.gz:
d33c407bfc4f58070e818081bd082c38f91cab7691ccbb794da63143c535de3b
Best regards,
Mike
Dear Users,
I have released version 4.41 of stunnel. This is a bugfix release. I
highly recommend Windows users to upgrade.
The ChangeLog entry:
Version 4.41, 2011.07.25, urgency: MEDIUM:
* Bugfixes
- Fixed Windows service crash of stunnel 4.40.
Home page: http://www.stunnel.org/
Download: ftp://ftp.stunnel.org/stunnel/
SHA-256 hash for stunnel-4.41.tar.gz:
08e0e7df42bfb8b8551eb6c4b5b50eae6051aaf75077101d729e67c7a3a00c72
Best regards,
Mike
Dear Users,
I have released version 4.40 of stunnel.
The ChangeLog entry:
Version 4.40, 2011.07.23, urgency: LOW:
* New Win32 features
- Added a GUI menu to save cached peer certificate chains.
- Added "-exit" option to stop stunnel *not* running as a service.
This option may be useful for scripts.
- Added file version information to stunnel.exe.
- A number of other GUI improvements.
* Other new features
- Hardcoded 2048-bit DH parameters are used as a fallback if DH
parameters are not provided in stunnel.pem.
- Default "ciphers" value updated to prefer ECDH:
"ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH".
- Default ECDH curve updated to "prime256v1".
- Removed support for temporary RSA keys (used in obsolete export
ciphers).
Home page: http://www.stunnel.org/
Download: ftp://ftp.stunnel.org/stunnel/
SHA-256 hash for stunnel-4.40.tar.gz:
91f32c7654dde0e1cf37ed0d8517e0d0b5985cd30443a9d64cd33d232b5fe9ce
Best regards,
Mike
Dear Users,
I have just added a new Windows GUI menu to save peer certificate
chains.
Please give it a try and let me know if there are any issues, so I
can fix them in the final stunnel 4.40:
ftp://ftp.stunnel.org/stunnel/stunnel-4.40b1-installer.exe
Another useful function would probably be a replacement for Unix
c_rehash script. 8-)
I also appreciate your comments and suggestions related to the new
functionality.
Best regards,
Mike
Dear Users,
I have just released version 4.39 of stunnel.
This version includes major improvements of the Windows GUI and
installer.
The ChangeLog entry:
Version 4.39, 2011.07.06, urgency: LOW:
* New features
- New Win32 installer module to build self-signed stunnel.pem.
- Added configuration file editing with Windows GUI.
- Added log file reopening file editing with Windows GUI.
It might be useful to also implement log file rotation.
- Improved configuration file reload with Windows GUI.
Home page: http://www.stunnel.org/
Download: ftp://ftp.stunnel.org/stunnel/
SHA-256 hash for stunnel-4.39.tar.gz:
972e4c150e3012ba8777f149c858e1e290aeb7ad7976e1551ac1752bc04fb0ed
Best regards,
Mike
Dear Users,
I have just released version 4.38 of stunnel.
The ChangeLog entry:
Version 4.38, 2011.06.28, urgency: MEDIUM:
* New features
- Server-side SNI implemented (RFC 3546 section 3.1) with a new
service-level option "sni".
- "socket" option also accepts "yes" and "no" for flags.
- Nagle's algorithm is now disabled by default for improved
interactivity.
* Bugfixes
- A compilation fix was added for OpenSSL version < 1.0.0.
- Signal pipe set to non-blocking mode. This bug caused hangs of
stunnel features based on signals, e.g. local mode, FORK threading, or
configuration file reload on Unix. Win32 platform was not affected.
Home page: http://www.stunnel.org/
Download: ftp://ftp.stunnel.org/stunnel/
SHA-256 hash for stunnel-4.38.tar.gz:
aa49012195fde4dc3e4bed2bb25283cb40a6e0ad8295a47e730652f611e2268c
Best regards,
Mike
Dear Users,
I have just released version 4.37 of stunnel. This release is mainly
intended to fix bugs and portability issues introduced in versions
4.35 and 4.36.
This version also provides new security defaults, updated to better
match current best practices in cryptographic applications.
The ChangeLog entry:
Version 4.37, 2011.06.17, urgency: MEDIUM:
* New features
- Client-side SNI implemented (RFC 3546 section 3.1).
- Default "ciphers" changed from the OpenSSL default to a more secure
and faster "RC4-MD5:HIGH:!aNULL:!SSLv2".
A paranoid (and usually slower) setting would be
"HIGH:!aNULL:!SSLv2".
- Recommended "options = NO_SSLv2" added to the sample stunnel.conf
file.
- Default client method upgraded from SSLv3 to TLSv1.
To connect servers without TLS support use "sslVersion = SSLv3"
option.
- Improved --enable-fips and --disable-fips ./configure option
handling.
- On startup stunnel now compares the compiled version of OpenSSL
against the running version of OpenSSL. A warning is logged on mismatch.
* Bugfixes
- Non-blocking socket handling in local mode fixed (Debian bug
#626856).
- UCONTEXT threading mode fixed.
- Removed the use of gcc Thread-Local Storage for improved
portability.
- va_copy macro defined for platforms that do not have it.
- Fixed "local" option parsing on IPv4 systems.
- Solaris compilation fix (redefinition of "STR").
Home page: http://www.stunnel.org/
Download: ftp://ftp.stunnel.org/stunnel/
SHA-256 hash for stunnel-4.37.tar.gz:
02ca30609ccb26f6e52ff7eb79a6778ea452a04432eaef7d959d19933f6fe109
Best regards,
Mike
Dear Users,
Version 4.36 of stunnel was released.
The ChangeLog entry:
Version 4.36, 2011.05.03, urgency: LOW:
* New features
- Updated Win32 DLLs for OpenSSL 1.0.0d.
- Dynamic memory management for strings manipulation:
no more static STRLEN limit, lower stack footprint.
- Strict public key comparison added for "verify = 3" certificate
checking mode (thx to Philipp Hartwig).
- Backlog parameter of listen(2) changed from 5 to SOMAXCONN:
improved behavior on heavy load.
- Example tools/stunnel.service file added for systemd service
manager.
* Bugfixes
- Missing pthread_attr_destroy() added to fix memory leak (thx to
Paul Allex and Peter Pentchev).
- Fixed the incorrect way of setting FD_CLOEXEC flag.
- Fixed --enable-libwrap option of ./configure script.
- /opt/local added to OpenSSL search path for MacPorts compatibility.
- Workaround implemented for signal handling on MacOS X.
- A trivial bug fixed in the stunnel.init script.
- Retry implemented on EAI_AGAIN error returned by resolver calls.
Home page: http://www.stunnel.org/
Download: ftp://ftp.stunnel.org/stunnel/
SHA-256 hash for stunnel-4.36.tar.gz:
3483fc2011e8a9d2614a93a9dbf7eabf405044df3566f29144fe2d1dd37a35f5
Best regards,
Mike
Dear Users,
I'm pleased to announce long-awaited version 4.35 of stunnel.
The ChangeLog entry:
* New features
- Updated Win32 DLLs for OpenSSL 1.0.0c.
- Transparent source (non-local bind) added for FreeBSD 8.x.
- Transparent destination ("transparent = destination") added for
Linux.
* Bugfixes
- Fixed reload of FIPS-enabled stunnel.
- Compiler options are now auto-detected by ./configure script
in order to support obsolete versions of gcc.
- Async-signal-unsafe s_log() removed from SIGTERM/SIGQUIT/SIGINT
handler.
- CLOEXEC file descriptor leaks fixed on Linux >= 2.6.28 with glibc
>= 2.10.
Irreparable race condition leaks remain on other Unix platforms.
This issue may have security implications on some deployments.
- Directory lib64 included in the OpenSSL library search path.
- Windows CE compilation fixes (thx to Pierre Delaage).
- Deprecated RSA_generate_key() replaced with RSA_generate_key_ex().
* Domain name changes (courtesy of Bri Hatch)
- http://stunnel.mirt.net/ --> http://www.stunnel.org/
- ftp://stunnel.mirt.net/ --> http://ftp.stunnel.org/
- stunnel.mirt.net::stunnel --> rsync.stunnel.org::stunnel
- stunnel-users(a)mirt.net --> stunnel-users(a)stunnel.org
- stunnel-announce(a)mirt.net --> stunnel-announce(a)stunnel.org
Home page: http://www.stunnel.org/
Download: ftp://ftp.stunnel.org/stunnel/
SHA-256 hash for stunnel-4.35.tar.gz:
a810e220498239483e14fae24eeb2a188a6167e9118958b903f8793768c4460f
Best regards,
Mike
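
Added example, not part of the announcements above and not stunnel's own code: the 4.35 entry on CLOEXEC descriptor leaks separates platforms where close-on-exec can be requested atomically from those where a race remains. The sketch below shows both paths; is_cloexec, set_cloexec and socket_cloexec are hypothetical helper names, and the SOCK_CLOEXEC path assumes a platform that defines that flag.

```c
/* Added illustration; not taken from the stunnel source tree. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1 if fd is closed on exec, 0 if a child would inherit it, -1 on error. */
int is_cloexec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    return flags == -1 ? -1 : (flags & FD_CLOEXEC) != 0;
}

/* Portable two-step form: correct, but not atomic. */
int set_cloexec(int fd) {
    int flags = fcntl(fd, F_GETFD);            /* F_GETFD, not F_GETFL */
    if (flags == -1)
        return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* Hypothetical helper: open a socket that exec'd children never inherit.
 * *atomic is set to 1 when no race window existed, 0 on the fallback. */
int socket_cloexec(int domain, int type, int *atomic) {
    int fd;
#ifdef SOCK_CLOEXEC
    fd = socket(domain, type | SOCK_CLOEXEC, 0);
    if (fd != -1) {
        *atomic = 1;
        return fd;
    }
    if (errno != EINVAL)                       /* real failure, not an old kernel */
        return -1;
#endif
    *atomic = 0;
    fd = socket(domain, type, 0);
    if (fd == -1)
        return -1;
    /* Race window: a fork()+exec() in another thread right here leaks fd. */
    if (set_cloexec(fd) == -1) {
        close(fd);
        return -1;
    }
    return fd;
}
```

When *atomic comes back 0, the descriptor was briefly inheritable, which is the window that cannot be closed on platforms without the atomic flag.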