-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
I have released version 5.10 of stunnel.
The ChangeLog entry:
Version 5.10, 2015.01.22, urgency: LOW:
* New features
- OCSP AIA (Authority Information Access) support. This feature
can be enabled with the new service-level option "OCSPaia".
- Additional security features of the linker are enabled:
"-z relro", "-z now", "-z noexecstack".
* Bugfixes
- OpenSSL DLLs updated to version 1.0.1l.
https://www.openssl.org/news/secadv_20150108.txt
- FIPS canister updated to version 2.0.9 in the Win32 binary
build.
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
032bfc1854f8a0b9e452343c36ec6b52c7e0daef0863423c6b13a61a7c92eb23  stunnel-5.10.tar.gz
7c29753b6488f37b29f365e9c4a6060c3da8a89000af1cd29eab7c37d419d148  stunnel-5.10-installer.exe
93cd0941580eaa7815ed62ec88a111cb449e9bad97cd1a35d7524867a8238234  stunnel-5.10-android.zip
Best regards,
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlTBMTsACgkQ/NU+nXTHMtE+uQCg9N0butSpAQ2mM1M5ySe7T18i
oe8AoOAHKJ9F7jMlUfHnmuzBtIPbbghN
=e9ed
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
I have released version 5.09 of stunnel.
The ChangeLog entry:
Version 5.09, 2015.01.02, urgency: LOW:
* New features
- Added PSK authentication with two new service-level
configuration file options "PSKsecrets" and "PSKidentity".
- Added additional security checks to the OpenSSL memory
management functions.
- Added support for the OPENSSL_NO_OCSP and OPENSSL_NO_ENGINE
OpenSSL configuration flags.
- Added compatibility with the current OpenSSL 1.1.0-dev tree.
* Bugfixes
- Removed defective s_poll_error() code occasionally causing
connections to be prematurely closed (truncated).
This bug was introduced in stunnel 4.34.
- Fixed ./configure systemd detection (thx to Kip Walraven).
- Fixed ./configure sysroot detection (thx to Kip Walraven).
- Fixed compilation against old versions of OpenSSL.
- Removed outdated French manual page.
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
87b34a74061861d1edd2ab238c73eb989b3d0a17e44574b7b6ead1a16aae38c8  stunnel-5.09.tar.gz
4abbddf3c1dbedf54b14fa5a18ead11e4df6387f13189b665c2ec5759c4afd30  stunnel-5.09-installer.exe
23c33dc46cc1bfb1df77c88d3c48901822bc113dd1e67d138bcf5fb1bb3d4197  stunnel-5.09-android.zip
Best regards,
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlSmt98ACgkQ/NU+nXTHMtGZowCfTspj4OZn8DRBUboG2S+1Qy2A
ocoAoLdZpjJU7BjERXqQakhNIPOXFojN
=/MD9
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
Starting with stunnel-5.09b1 it is now possible to use stunnel without
certificates.
https://www.stunnel.org/downloads.html
Example server configuration is:
[PSK server]
accept = <stunnel_port>
connect = <dst_port>
PSKsecrets = psk.txt
, where the psk.txt may contain the following lines:
test1:oaP4EishaeSaishei6rio6xeeph3az
test2:yah5uS4aijooxilier8iaphuwah1Lo
Example client configuration:
[PSK client 1]
client = yes
accept = 127.0.0.1:<src_port>
connect = <stunnel_ip>:<stunnel_port>
PSKsecrets = psk1.txt
PSKidentity = test1
The psk1.txt file only needs to contain:
test1:oaP4EishaeSaishei6rio6xeeph3az
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlSKHNMACgkQ/NU+nXTHMtE72wCg/EZp4NdVnkrQFffGVWZO65lE
QucAn3ddp+yTDruP+gNkevf///0olb1+
=o0k3
-----END PGP SIGNATURE-----
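An added example, not part of the announcement and not stunnel's own code: a Python check for a PSKsecrets file in the IDENTITY:KEY form shown in the message above, reporting malformed lines, short keys, repeated identities, reused keys and loose file permissions. The 16-byte minimum and the function names are assumptions of this example.

```python
import os
import stat

MIN_KEY_LEN = 16  # assumption of this example, not taken from the announcement


def lint_psk_lines(lines, min_key_len=MIN_KEY_LEN):
    """Return (line_number, problem) pairs for IDENTITY:KEY lines."""
    problems, seen_ids, seen_keys = [], {}, {}
    for no, raw in enumerate(lines, start=1):
        line = raw.rstrip("\r\n")
        if not line.strip():
            continue
        identity, sep, key = line.partition(":")
        if not sep or not identity or not key:
            problems.append((no, "not in IDENTITY:KEY form"))
            continue
        if len(key.encode()) < min_key_len:
            problems.append((no, f"key shorter than {min_key_len} bytes"))
        if identity in seen_ids:
            problems.append((no, f"identity repeats line {seen_ids[identity]}"))
        if key in seen_keys:
            problems.append((no, f"key reused from line {seen_keys[key]}"))
        seen_ids.setdefault(identity, no)
        seen_keys.setdefault(key, no)
    return problems


def lint_psk_file(path):
    """Lint a secrets file; line 0 reports a permissions problem (POSIX)."""
    problems = []
    if os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append((0, "file is accessible to group or others"))
    with open(path, encoding="utf-8") as fh:
        problems += lint_psk_lines(fh)
    return problems


# First two lines are the psk.txt lines from the message; the rest are constructed.
SAMPLE = [
    "test1:oaP4EishaeSaishei6rio6xeeph3az",
    "test2:yah5uS4aijooxilier8iaphuwah1Lo",
    "test3:short",
    "test1:oaP4EishaeSaishei6rio6xeeph3az",
    "no separator here",
]

if __name__ == "__main__":
    for no, problem in lint_psk_lines(SAMPLE):
        print(f"line {no}: {problem}")
```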
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
I have released version 5.08 of stunnel.
The ChangeLog entry:
Version 5.08, 2014.12.09, urgency: MEDIUM:
* New features
- Added SOCKS4/SOCKS4a protocol support.
- Added SOCKS5 protocol support.
- Added SOCKS RESOLVE [F0] TOR extension support.
- Updated automake to version 1.14.1.
- OpenSSL directory searching is now relative to the sysroot.
* Bugfixes
- Fixed improper hangup condition handling.
- Fixed missing -pic linker option. This is required for
Android 5.0 and improves security.
To set up a SOCKS4 VPN, configure the following client service:
[socks_client]
client = yes
accept = 127.0.0.1:1080
connect = vpn_server:9080
verify = 4
CAfile = stunnel.pem
The corresponding configuration on the vpn_server host:
[socks_server]
protocol = socks
accept = 9080
cert = stunnel.pem
key = stunnel.key
SOCKS-enabled clients (e.g. web browsers) can now use the stunnel client
for a VPN service. An encrypted DNS resolver is supported with SOCKS4a,
SOCKS5, and the SOCKS RESOLVE [F0] TOR extension.
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
830b21d24cd237e96f4d7993be43553d4eba4d3cfa2660faa78dec8d41d314fc  stunnel-5.08.tar.gz
84c06c8a3f8b6bbb5c1a2b6e352c70bdad1c87f1d5a37476e5dee02f2d65065c  stunnel-5.08-installer.exe
28750afe9e5fec4b60b98468ea834cd126e149e8d97074b813b216723a889802  stunnel-5.08-android.zip
Best regards,
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlSGzsMACgkQ/NU+nXTHMtHQlwCgwsX66e0EU5PMxsfMCdC5sfVt
Fy4AnRXe65YLabb7K1XOn6tKncEH0smR
=WP5h
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
Please take a look at the latest stunnel-5.08b4 available for download
on https://www.stunnel.org/downloads.html
It adds support for the SOCKS4 and SOCKS4a protocols. The SOCKS protocol
itself is encapsulated within an SSL/TLS encryption layer to protect the
final destination address.
http://www.openssh.com/txt/socks4.protocol
http://www.openssh.com/txt/socks4a.protocol
The BIND command of the SOCKS protocol is not supported.
The USERID parameter is ignored.
To set up a SOCKS4 VPN, configure the following client service:
[socks_client]
client = yes
accept = 127.0.0.1:1080
connect = vpn_server:9080
verify = 4
CAfile = stunnel.pem
The corresponding configuration on the vpn_server host:
[socks_server]
protocol = socks
accept = 9080
cert = stunnel.pem
key = stunnel.key
Now test your configuration on the client machine with:
curl --socks4a localhost http://www.example.com/
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlRmVXgACgkQ/NU+nXTHMtHuZwCfXlH0YYTHYhThoXPrCgV4OhrE
BwsAoLgIpVWDOdBbISzrP53m2H9LUR6W
=9DEh
-----END PGP SIGNATURE-----
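An added example, not part of the announcement and not stunnel's code: a Python sketch of the SOCKS4/SOCKS4a request that a client such as curl sends, with a server-side parser that refuses BIND and ignores USERID as the message above describes. The destination host name sits in the request as plain bytes, which is why carrying the request inside TLS hides it; function names are assumptions of this example.

```python
import ipaddress
import struct

CONNECT, BIND = 1, 2


def build_socks4a_connect(host, port, userid=b""):
    """Client side: SOCKS4a CONNECT with a host name for remote resolution."""
    return (struct.pack("!BBH", 4, CONNECT, port) + bytes([0, 0, 0, 1])
            + userid + b"\x00" + host.encode("ascii") + b"\x00")


def parse_socks4_request(data):
    """Server side: return (host, port); BIND is refused, USERID is ignored."""
    if len(data) < 9:
        raise ValueError("truncated request")
    version, command, port = struct.unpack("!BBH", data[:4])
    if version != 4:
        raise ValueError("not SOCKS4")
    if command != CONNECT:
        raise ValueError("unsupported command (only CONNECT)")
    dst_ip = data[4:8]
    userid_end = data.find(b"\x00", 8)
    if userid_end < 0:
        raise ValueError("unterminated USERID")
    # data[8:userid_end] is the USERID; it is deliberately not used.
    if dst_ip[:3] == b"\x00\x00\x00" and dst_ip[3] != 0:  # SOCKS4a marker 0.0.0.x
        host_end = data.find(b"\x00", userid_end + 1)
        if host_end < 0 or host_end == userid_end + 1:
            raise ValueError("missing or unterminated host name")
        return data[userid_end + 1:host_end].decode("ascii"), port
    return str(ipaddress.IPv4Address(dst_ip)), port


if __name__ == "__main__":
    # Constructed request matching: curl --socks4a localhost http://www.example.com/
    request = build_socks4a_connect("www.example.com", 80, b"alice")
    print(request)                        # host name is readable in the raw bytes
    print(parse_socks4_request(request))
```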
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
I have released version 5.07 of stunnel.
The ChangeLog entry:
Version 5.07, 2014.11.01, urgency: MEDIUM:
* New features
- Several SMTP server protocol negotiation improvements.
- Added UTF-8 byte order marks to stunnel.conf templates.
- DH parameters are no longer generated by "make cert".
The hardcoded DH parameters are sufficiently secure,
and modern TLS implementations will use ECDH anyway.
- Updated manual for the "options" configuration file option.
- Added support for systemd 209 or later.
- New --disable-systemd ./configure option.
- setuid/setgid commented out in stunnel.conf-sample.
* Bugfixes
- Added support for UTF-8 byte order mark in stunnel.conf.
- Compilation fix for OpenSSL with disabled SSLv2 or SSLv3.
- Non-blocking mode set on inetd and systemd descriptors.
- shfolder.h replaced with shlobj.h for compatibility
with modern Microsoft compilers.
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
505c6c63c4a20fc0cce8c35ef1ab7626c7b01071e3fca4ac6ea417afe8065309  stunnel-5.07.tar.gz
0e8d41a8102437d2c04a347bfe38ad80408fd2eb1451c559dcc7932ff2d09bd9  stunnel-5.07-installer.exe
d3ced258ad35bea656ec178644d83e7d0b9fe8a2e4b2d6511e5c898ac9e6c7fc  stunnel-5.07-android.zip
Best regards,
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlRU61wACgkQ/NU+nXTHMtEwLwCdEprl4s5aleq7+MzK9JmYcnQ+
q+gAniP9aOtMuQtML9zcRPK0LY6Yb/3H
=IVK/
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
I have released version 5.06 of stunnel.
This is a security bugfix release. Update is recommended.
The ChangeLog entry:
Version 5.06, 2014.10.15, urgency: HIGH:
* Security bugfixes
- OpenSSL DLLs updated to version 1.0.1j.
https://www.openssl.org/news/secadv_20141015.txt
- The insecure SSLv2 protocol is now disabled by default.
It can be enabled with "options = -NO_SSLv2".
- The insecure SSLv3 protocol is now disabled by default.
It can be enabled with "options = -NO_SSLv3".
- Default sslVersion changed to "all" (also in FIPS mode)
to autonegotiate the highest supported TLS version.
* New features
- Added missing SSL options to match OpenSSL 1.0.1j.
- New "-options" commandline option to display the list
of supported SSL options.
* Bugfixes
- Fixed FORK threading build regression bug.
- Fixed missing periodic Win32 GUI log updates.
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
098c2b6db0793ea4fa5b6767ce6ef1853e9f6cc2f32133024be55f6a460b1a40  stunnel-5.06.tar.gz
55afb3013406da1afcc1ab7ccc25bb1c66605ca3e004636a6b49cac555cb4d09  stunnel-5.06-installer.exe
a1741eb8bb050d3d29515ddef46a0a6828372a991f2658995dee1e06af8c05c8  stunnel-5.06-android.zip
Best regards,
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlQ+4v4ACgkQ/NU+nXTHMtFwNwCgvZyndOwkAQqmsWnuL7DcRAPq
lSIAnig726aVMrFzFAoQzKXxxmWo/Qo9
=ok3p
-----END PGP SIGNATURE-----
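An added example, not part of the announcement and not stunnel's code: a Python audit that reads a stunnel.conf and reports, per section, the two settings the 5.06 ChangeLog names as bringing SSLv2 or SSLv3 back ("options = -NO_SSLv2", "options = -NO_SSLv3"). The extra check for sslVersion pinned to SSLv2 or SSLv3, the function name and the sample configuration are assumptions of this example.

```python
INSECURE_OPTIONS = {"-no_sslv2": "SSLv2", "-no_sslv3": "SSLv3"}
LEGACY_VERSIONS = ("sslv2", "sslv3")  # sslVersion values that pin a legacy protocol


def audit_stunnel_conf(text):
    """Return (line_no, section, finding) for settings that bring back SSLv2/SSLv3."""
    findings, section = [], "global"
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.lstrip("\ufeff").strip()  # tolerate a UTF-8 byte order mark
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        name, sep, value = line.partition("=")
        if not sep:
            continue
        name, value = name.strip().lower(), value.strip()
        if name == "options" and value.lower() in INSECURE_OPTIONS:
            proto = INSECURE_OPTIONS[value.lower()]
            findings.append((no, section, f"{proto} re-enabled by options = {value}"))
        elif name == "sslversion" and value.lower() in LEGACY_VERSIONS:
            findings.append((no, section, f"sslVersion pinned to {value}"))
    return findings


# Constructed stunnel.conf for the example; service names and ports are made up.
SAMPLE_CONF = """\
; global section
options = -NO_SSLv3

[imaps]
accept = 993
connect = 143
sslVersion = all

[legacy-pos]
accept = 8443
connect = 8080
options = -NO_SSLv2
sslVersion = SSLv3
"""

if __name__ == "__main__":
    for no, section, finding in audit_stunnel_conf(SAMPLE_CONF):
        print(f"line {no} [{section}]: {finding}")
```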
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
I have released version 5.05 of stunnel.
The ChangeLog entry:
Version 5.05, 2014.10.10, urgency: MEDIUM:
* New features
- Asynchronous communication with the GUI thread for faster
logging on Win32.
- systemd socket activation (thx to Mark Theunissen).
- The parameter of "options" can now be prefixed with "-"
to clear an SSL option, for example:
"options = -LEGACY_SERVER_CONNECT".
- Improved "transparent = destination" manual page (thx to
Vadim Penzin).
* Bugfixes
- Fixed POLLIN|POLLHUP condition handling error resulting
in prematurely closed (truncated) connection.
- Fixed a null pointer dereference regression bug in the
"transparent = destination" functionality (thx to
Vadim Penzin). This bug was introduced in stunnel 5.00.
- Fixed startup thread synchronization with Win32 GUI.
- Fixed erroneously closed stdin/stdout/stderr if specified
as the -fd commandline option parameter.
- A number of minor Win32 GUI bugfixes and improvements.
- Merged most of the Windows CE patches (thx to Pierre Delaage).
- Fixed incorrect CreateService() error message on Win32.
- Implemented a workaround for defective Cygwin file
descriptor passing breaking the libwrap support:
http://wiki.osdev.org/Cygwin_Issues#Passing_file_descriptors
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
c7e1653345150db7e48d00e1129cf571c7c85de8e7e1aa70b21cf1d76b1e31ef  stunnel-5.05.tar.gz
19f8b78aecc26c291d90e4fa72807bdb75063a7641fd64f224222b526cfa83aa  stunnel-5.05-installer.exe
65129c4c1a73dc04a0f66571a9bda2860d70376cdcc2c1d83fd575dcb0adc7a5  stunnel-5.05-android.zip
Best regards,
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlQ3ofIACgkQ/NU+nXTHMtHnmQCg8sncLzw4bfiuw3ziL7HGFEdJ
luwAoKTF4C3jbUihpz8ODEPvtGbK24Cs
=Z+GJ
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
I have released version 5.04 of stunnel.
The ChangeLog entry:
Version 5.04, 2014.09.21, urgency: LOW:
* New features
- Support for local mode ("exec" option) on Win32.
- Support for UTF-8 config file and log file.
- Win32 UTF-16 build (thx to Pierre Delaage for support).
- Support for Unicode file names on Win32.
- A more explicit service description provided for the
Windows SCM (thx to Pierre Delaage).
- TCP/IP dependency added for NT service in order to prevent
initialization failure at boot time.
- FIPS canister updated to version 2.0.8 in the Win32 binary
build.
* Bugfixes
- load_icon_default() modified to return copies of default icons
instead of the original resources to prevent the resources
from being destroyed.
- Partially merged Windows CE patches (thx to Pierre Delaage).
- Fixed typos in stunnel.init.in and vc.mak.
- Fixed incorrect memory allocation statistics update in
str_realloc().
- Missing REMOTE_PORT environmental variable is provided to
processes spawned with "exec" on Unix platforms.
- Taskbar icon is no longer disabled for NT service.
- Fixed taskbar icon initialization when commandline options are
specified.
- Reportedly more compatible values used for the dwDesiredAccess
parameter of the CreateFile() function (thx to Pierre Delaage).
- A number of minor Win32 GUI bugfixes and improvements.
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
ee9702e073cb8d5940a1310ae171a38d3264f1ce3b087160728bbbcf5710cec1  stunnel-5.04.tar.gz
045145b4e6ef66d29774b558837bd693a0dbab9f7295586da9e5f0de4c5a7481  stunnel-5.04-installer.exe
d1bc5c00278f31c64ad4a601d9e398b21284777f9079e91b8cbaef1e8e91f538  stunnel-5.04-android.zip
Best regards,
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlQfAqsACgkQ/NU+nXTHMtH1cACeLEi7tFSEoxYJCfZROeaTLD4J
+8sAoKK+l/6Bjl2sLwPRTcmw/Vj4+PYy
=F0H9
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Guys,
Please feel free to try the second beta version:
https://www.stunnel.org/downloads/beta/stunnel-5.04b2.tar.gz
https://www.stunnel.org/downloads/beta/stunnel-5.04b2-installer.exe
I have finished implementing Win32 UNICODE support.
The following planned features depend on UNICODE support:
- Non-ASCII path names (this is already partially implemented)
- UTF8 stunnel.conf
- Windows CE GUI
stunnel 5.04b2 also fixes the missing taskbar icon when stunnel is
executed with commandline switches (for example "stunnel -help").
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlQcnAcACgkQ/NU+nXTHMtHOnQCeJFPogmAyhDFQ+CoLT17nhd1I
CSIAni1tOnInyScnXwB/d876RF0o9YYt
=PJ+o
-----END PGP SIGNATURE-----