Hello Stunnel Users Forum! I wonder if anyone may have suggestions of what, if anything can be done to surmount a reported vulnerability for Stunnel versions prior to 5.34. I have limited savvy in this arena so please excuse this "Stunnel for Dummies" question.

The following statements surfaced in a "security vulnerabilities" report...

The version of stunnel installed on the remote host is 4.46 or later but prior to 5.34.
It is, therefore, affected by a security bypass vulnerability related to the validation
of level 4 peer certificates. An unauthenticated, remote attacker can exploit this to
have an impact on confidentiality, integrity, and/or availability. No other details are
available.

I am of the mind that perhaps an entry in Stunnel.conf until we can deploy an upgrade?

Thanks in advance for any feedback!

Upgrade to stunnel version 5.34 or later.

Tracy Drake

CSM Senior Consultant

GSA-FAS CAMEO Contractor

URSA & INFOConnect Support & Training Team Lead

704-987-1211

tracy.drake@gsa.gov