-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
I have released version 5.12 of stunnel.
The ChangeLog entry:
Version 5.12, 2015.03.19, urgency: HIGH:
* Security bugfixes
- OpenSSL DLLs updated to version 1.0.2a.
https://www.openssl.org/news/secadv_20150319.txt
* New features
- New service-level option "logId" to specify the
connection identifier type. Currently supported types:
"sequential" (default), "unique", and "thread".
- New service-level option "debug" to individually control
logging verbosity of defined services.
* Bugfixes
- OCSP fixed on Windows platform (thx to Alec Kosky).
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
80c3d350c9b3e4438143fcc77c915026ae338f8174bb730ff117ca438ba84847
stunnel-5.12.tar.gz
aa1a241009172636e07eb2260e43cec28ba1da4348e74abae52598a41eed478a
stunnel-5.12-installer.exe
6c377c045768007ef14830227ae8637ba97a2bb225e3bad98179febd020ef6b2
stunnel-5.12-android.zip
Best regards,
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJVCuLXAAoJEC78f/DUFuAUDPkQAM22z+jWYIfzUHqg5o2cDzLS
KBinjzmymoYw2mpGRjjBW/dNIVcBBnk2DhaYMaTrVFSxdFhDjZATXekFxiIotBGn
YjM5EKmdkiguNQcEcR+a72Lh+fjDB3w7o0tDtXoD9+cfLr7tiwV7WLo1WwqeAdOi
Do4u0RJZE6INd7O5EMKDMWpsEp1AxIGEXyEY9brZxptS6pow0+fwJnIaLcE3ZYje
6XAIFw4nSIyvfEhe6d7vmB5pmSidNrJlvOpi2ui3MxdS1ZBYEhNbwiPujeG3mb02
5i0RnJLocY0gBa/j5wTWnpamQt8HdO6L2MP/vo7Wqg66663/4k0KtfaNmY5azQ98
JrCibZNU9GlXkhgAz65ORVHVr4Bh7Aq65W5mlrKt1DRopnI4/dawWORjKN6rJYeU
vcwsStAG/adukFO++TaDq+4NJTZ9GEn7XrNp3cgfVkd8L68vTTgbwRzQ1kWoAlz4
D2AozchqPfe2QIlsGQ7JfcnZsEgAy34HSLpst5LntudXDwZiHmxRzcg0604YWe2I
7Y4XGs1SxVBsURRi/KCLRKDwH8SiAqB4SP79tOtxEqMEIN6kpiagsKn0yMgFzVBH
Irdbz/WfFmJzwh1YZ2uXjBT9U6H7lYrkz1AEMJ7DzKwGcP8B1sdDBzBtppkfZdam
Y4NUI7wsPUexvBb8AB8h
=dqXf
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
I have released version 5.11 of stunnel.
The ChangeLog entry:
Version 5.11, 2015.03.11, urgency: LOW:
* New features
- OpenSSL DLLs updated to version 1.0.2.
- Removed dereferences of internal OpenSSL data structures.
- PSK key lookup algorithm performance improved from
O(N) (linear) to O(log N) (logarithmic).
* Bugfixes
- Fixed peer certificate list in the main window on Win32
(thx to @fyer for reporting it).
- Fixed console logging in tstunnel.exe.
- _tputenv_s() replaced with more portable _tputenv() on Win32.
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
71a8bc37e58e34509b0267ade02292994c7a127f14d6e5ba03081db695edff8c
stunnel-5.11.tar.gz
3511a4bf27bcffdb69c3b2b2d5989d0b1d7b033a28f0c8d53cdd622555326487
stunnel-5.11-installer.exe
ccebef146d5c28854aa538e2ff8f7d1d1eb822d2ab51689aa88d39a1c3026776
stunnel-5.11-android.zip
Best regards,
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJVAG9SAAoJEC78f/DUFuAUT2YP+weeIxK38dCe5O49Tj/2Yh5p
msWRsK3JPcLe9uFobCYfpuSvm5+rWKAF+tOBjPkKL024z1V9XTFca4aRK+0EJWdp
8ndM0HBKW9LzlQZ7IR1jIV23BWwKnBJi3D4xpTVFgxFHn6fO/WJzggOBSLsp299o
pE643meivz8O182b54EhD4shLCm5XTtrltYSoi0fVMZ2MIBH4LoLVTknF3pH4St1
GrqAcV+5KgsMInRtJjtgkCDPsVYbCYze+8U+Lq1wehdZ/8n90rCsPqLvzDtff76O
99ohHSIPyhnZM5C1VWb1XADIrdsXoaS5hjcWv2ujS8h4zSW4wcugYC+LRTrDqrOo
OaRuHvPF/vdHu8Jok+roxHh7IKxBSJ/W58+ubjwKVYRP+JRKn6JkK4FRcMVy9kMM
HRFr/o1rzXk0O6epogSLuGT/mSJhy+o/VV781Ce5d+QkUswviVT6WSAjvT3/3VMM
odkm2t7JIpvC06naVjjKzMg84BLLW8Phuyp3+6LBCqoTRj7FbjsRd1pSFYn3D/3L
GMWt1kZ6YHam2mWE0j9AlW9hOyfbqlsgX4nux1x6ckUs0KvRMm34RONaECqV/VuU
swf0PciswFa3739Ln3O47uDHVfPviW/CT4+HHMVXN7xmqMSnWqYkh9/oE05mNLFY
xtbFUaOMt1K0phJkBsx9
=u9oG
-----END PGP SIGNATURE-----
Dear Users,
As of now I'm starting to sign my emails and code with a new PGP key.
The new key is attached to this email message, and available at
https://www.stunnel.org/pgp.asc
Key fingerprint = AC91 5EA3 0645 D9D3 D4DA E4FE B104 8932 DD3A AAA3
The new key is also signed with my previous PGP key.
This and other signatures can be verified with:
gpg --check-sigs "AC91 5EA3 0645 D9D3 D4DA E4FE B104 8932 DD3A AAA3"
Best regards,
Mike
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
I have released version 5.10 of stunnel.
The ChangeLog entry:
Version 5.10, 2015.01.22, urgency: LOW:
* New features
- OCSP AIA (Authority Information Access) support. This feature
can be enabled with the new service-level option "OCSPaia".
- Additional security features of the linker are enabled:
"-z relro", "-z now", "-z noexecstack".
* Bugfixes
- OpenSSL DLLs updated to version 1.0.1l.
https://www.openssl.org/news/secadv_20150108.txt
- FIPS canister updated to version 2.0.9 in the Win32 binary
build.
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
032bfc1854f8a0b9e452343c36ec6b52c7e0daef0863423c6b13a61a7c92eb23
stunnel-5.10.tar.gz
7c29753b6488f37b29f365e9c4a6060c3da8a89000af1cd29eab7c37d419d148
stunnel-5.10-installer.exe
93cd0941580eaa7815ed62ec88a111cb449e9bad97cd1a35d7524867a8238234
stunnel-5.10-android.zip
Best regards,
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlTBMTsACgkQ/NU+nXTHMtE+uQCg9N0butSpAQ2mM1M5ySe7T18i
oe8AoOAHKJ9F7jMlUfHnmuzBtIPbbghN
=e9ed
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
I have released version 5.09 of stunnel.
The ChangeLog entry:
Version 5.09, 2015.01.02, urgency: LOW:
* New features
- Added PSK authentication with two new service-level
configuration file options "PSKsecrets" and "PSKidentity".
- Added additional security checks to the OpenSSL memory
management functions.
- Added support for the OPENSSL_NO_OCSP and OPENSSL_NO_ENGINE
OpenSSL configuration flags.
- Added compatibility with the current OpenSSL 1.1.0-dev tree.
* Bugfixes
- Removed defective s_poll_error() code occasionally causing
connections to be prematurely closed (truncated).
This bug was introduced in stunnel 4.34.
- Fixed ./configure systemd detection (thx to Kip Walraven).
- Fixed ./configure sysroot detection (thx to Kip Walraven).
- Fixed compilation against old versions of OpenSSL.
- Removed outdated French manual page.
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
87b34a74061861d1edd2ab238c73eb989b3d0a17e44574b7b6ead1a16aae38c8
stunnel-5.09.tar.gz
4abbddf3c1dbedf54b14fa5a18ead11e4df6387f13189b665c2ec5759c4afd30
stunnel-5.09-installer.exe
23c33dc46cc1bfb1df77c88d3c48901822bc113dd1e67d138bcf5fb1bb3d4197
stunnel-5.09-android.zip
Best regards,
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlSmt98ACgkQ/NU+nXTHMtGZowCfTspj4OZn8DRBUboG2S+1Qy2A
ocoAoLdZpjJU7BjERXqQakhNIPOXFojN
=/MD9
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
Starting with stunnel-5.09b1 it is now possible to use stunnel without
certificates.
https://www.stunnel.org/downloads.html
Example server configuration is:
[PSK server]
accept = <stunnel_port>
connect = <dst_port>
PSKsecrets = psk.txt
, where the psk.txt may contain the following lines:
test1:oaP4EishaeSaishei6rio6xeeph3az
test2:yah5uS4aijooxilier8iaphuwah1Lo
Example client configuration:
[PSK client 1]
client = yes
accept = 127.0.0.1:<src_port>
connect = <stunnel_ip>:<stunnel_port>
PSKsecrets = psk1.txt
PSKidentity = test1
The psk1.txt file only needs to contain:
test1:oaP4EishaeSaishei6rio6xeeph3az
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlSKHNMACgkQ/NU+nXTHMtE72wCg/EZp4NdVnkrQFffGVWZO65lE
QucAn3ddp+yTDruP+gNkevf///0olb1+
=o0k3
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
I have released version 5.08 of stunnel.
The ChangeLog entry:
Version 5.08, 2014.12.09, urgency: MEDIUM:
* New features
- Added SOCKS4/SOCKS4a protocol support.
- Added SOCKS5 protocol support.
- Added SOCKS RESOLVE [F0] TOR extension support.
- Updated automake to version 1.14.1.
- OpenSSL directory searching is now relative to the sysroot.
* Bugfixes
- Fixed improper hangup condition handling.
- Fixed missing -pic linker option. This is required for
Android 5.0 and improves security.
To setup SOCKS4 VPN configure the following client service:
[socks_client]
client = yes
accept = 127.0.0.1:1080
connect = vpn_server:9080
verify = 4
CAfile = stunnel.pem
The corresponding configuration on the vpn_server host:
[socks_server]
protocol = socks
accept = 9080
cert = stunnel.pem
key = stunnel.key
SOCKS-enabled clients (e.g. web browsers) can now use stunnel client
for a VPN service. Encrypted DNS resolver is supported with SOCKS4a,
SOCKS5, and SOCKS RESOLVE [F0] TOR extension.
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
830b21d24cd237e96f4d7993be43553d4eba4d3cfa2660faa78dec8d41d314fc
stunnel-5.08.tar.gz
84c06c8a3f8b6bbb5c1a2b6e352c70bdad1c87f1d5a37476e5dee02f2d65065c
stunnel-5.08-installer.exe
28750afe9e5fec4b60b98468ea834cd126e149e8d97074b813b216723a889802
stunnel-5.08-android.zip
Best regards,
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlSGzsMACgkQ/NU+nXTHMtHQlwCgwsX66e0EU5PMxsfMCdC5sfVt
Fy4AnRXe65YLabb7K1XOn6tKncEH0smR
=WP5h
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
Please take a look at the latest stunnel-5.08b4 available for download
on https://www.stunnel.org/downloads.html
It adds support for SOCKS4 and SOCKS4a protocols. The SOCKS protocol
itself is encapsulated within SSL/TLS encryption layer to protect the
final destination address.
http://www.openssh.com/txt/socks4.protocolhttp://www.openssh.com/txt/socks4a.protocol
The BIND command of the SOCKS protocol is not supported.
The USERID parameter is ignored.
To setup SOCKS4 VPN configure the following client service:
[socks_client]
client = yes
accept = 127.0.0.1:1080
connect = vpn_server:9080
verify = 4
CAfile = stunnel.pem
The corresponding configuration on the vpn_server host:
[socks_server]
protocol = socks
accept = 9080
cert = stunnel.pem
key = stunnel.key
Now test your configuration on the client machine with:
curl --socks4a localhost http://www.example.com/
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlRmVXgACgkQ/NU+nXTHMtHuZwCfXlH0YYTHYhThoXPrCgV4OhrE
BwsAoLgIpVWDOdBbISzrP53m2H9LUR6W
=9DEh
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
I have released version 5.07 of stunnel.
The ChangeLog entry:
Version 5.07, 2014.11.01, urgency: MEDIUM:
* New features
- Several SMTP server protocol negotiation improvements.
- Added UTF-8 byte order marks to stunnel.conf templates.
- DH parameters are no longer generated by "make cert".
The hardcoded DH parameters are sufficiently secure,
and modern TLS implementations will use ECDH anyway.
- Updated manual for the "options" configuration file option.
- Added support for systemd 209 or later.
- New --disable-systemd ./configure option.
- setuid/setgid commented out in stunnel.conf-sample.
* Bugfixes
- Added support for UTF-8 byte order mark in stunnel.conf.
- Compilation fix for OpenSSL with disabled SSLv2 or SSLv3.
- Non-blocking mode set on inetd and systemd descriptors.
- shfolder.h replaced with shlobj.h for compatibility
with modern Microsoft compilers.
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
505c6c63c4a20fc0cce8c35ef1ab7626c7b01071e3fca4ac6ea417afe8065309
stunnel-5.07.tar.gz
0e8d41a8102437d2c04a347bfe38ad80408fd2eb1451c559dcc7932ff2d09bd9
stunnel-5.07-installer.exe
d3ced258ad35bea656ec178644d83e7d0b9fe8a2e4b2d6511e5c898ac9e6c7fc
stunnel-5.07-android.zip
Best regards,
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlRU61wACgkQ/NU+nXTHMtEwLwCdEprl4s5aleq7+MzK9JmYcnQ+
q+gAniP9aOtMuQtML9zcRPK0LY6Yb/3H
=IVK/
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear Users,
I have released version 5.06 of stunnel.
This is a security bugfix release. Update is recommended.
The ChangeLog entry:
Version 5.06, 2014.10.15, urgency: HIGH:
* Security bugfixes
- OpenSSL DLLs updated to version 1.0.1j.
https://www.openssl.org/news/secadv_20141015.txt
- The insecure SSLv2 protocol is now disabled by default.
It can be enabled with "options = -NO_SSLv2".
- The insecure SSLv3 protocol is now disabled by default.
It can be enabled with "options = -NO_SSLv3".
- Default sslVersion changed to "all" (also in FIPS mode)
to autonegotiate the highest supported TLS version.
* New features
- Added missing SSL options to match OpenSSL 1.0.1j.
- New "-options" commandline option to display the list
of supported SSL options.
* Bugfixes
- Fixed FORK threading build regression bug.
- Fixed missing periodic Win32 GUI log updates.
Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html
SHA-256 hashes:
098c2b6db0793ea4fa5b6767ce6ef1853e9f6cc2f32133024be55f6a460b1a40
stunnel-5.06.tar.gz
55afb3013406da1afcc1ab7ccc25bb1c66605ca3e004636a6b49cac555cb4d09
stunnel-5.06-installer.exe
a1741eb8bb050d3d29515ddef46a0a6828372a991f2658995dee1e06af8c05c8
stunnel-5.06-android.zip
Best regards,
Mike
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlQ+4v4ACgkQ/NU+nXTHMtFwNwCgvZyndOwkAQqmsWnuL7DcRAPq
lSIAnig726aVMrFzFAoQzKXxxmWo/Qo9
=ok3p
-----END PGP SIGNATURE-----
