Dear Users,

I have just released version 4.37 of stunnel.  This release is mainly intended to fix bugs and portability issues introduced in versions 4.35 and 4.36.
This version also provides new security defaults, updated to better match current best practices in cryptographic applications.

The ChangeLog entry:

Version 4.37, 2011.06.17, urgency: MEDIUM:
* New features
  - Client-side SNI implemented (RFC 3546 section 3.1).
  - Default "ciphers" changed from the OpenSSL default to a more secure
    and faster "RC4-MD5:HIGH:!aNULL:!SSLv2".
    A paranoid (and usually slower) setting would be "HIGH:!aNULL:!SSLv2".
  - Recommended "options = NO_SSLv2" added to the sample stunnel.conf file.
  - Default client method upgraded from SSLv3 to TLSv1.
    To connect servers without TLS support use "sslVersion = SSLv3" option.
  - Improved --enable-fips and --disable-fips ./configure option handling.
  - On startup stunnel now compares the compiled version of OpenSSL against
    the running version of OpenSSL. A warning is logged on mismatch.
* Bugfixes
  - Non-blocking socket handling in local mode fixed (Debian bug #626856).
  - UCONTEXT threading mode fixed.
  - Removed the use of gcc Thread-Local Storage for improved portability.
  - va_copy macro defined for platforms that do not have it.
  - Fixed "local" option parsing on IPv4 systems.
  - Solaris compilation fix (redefinition of "STR").

Home page: http://www.stunnel.org/
Download: ftp://ftp.stunnel.org/stunnel/

SHA-256 hash for stunnel-4.37.tar.gz:
02ca30609ccb26f6e52ff7eb79a6778ea452a04432eaef7d959d19933f6fe109

Best regards,
Mike