[stunnel-users] Stunnel Version Vulnerability-Currently using 5.04

Tracy Drake - IQGC-C tracy.drake at gsa.gov
Tue Mar 28 14:37:33 CEST 2017

Hello Stunnel Users Forum!  I wonder if anyone may have suggestions of
what, if anything, can be done to surmount a reported vulnerability for
Stunnel versions prior to 5.34.  I have limited savvy in this arena so
please excuse this "Stunnel for Dummies" question.

The following statements surfaced in a "security vulnerabilities" report...

The version of stunnel installed on the remote host is 4.46 or later but
prior to 5.34. It is, therefore, affected by a security bypass
vulnerability related to the validation of level 4 peer certificates. An
unauthenticated, remote attacker can exploit this to have an impact on
confidentiality, integrity, and/or availability. No other details are

I am of the mind that perhaps an entry in Stunnel.conf until we can deploy
an upgrade?

Thanks in advance for any feedback! Upgrade to stunnel version 5.34 or

Tracy Drake
CSM Senior Consultant
GSA-FAS CAMEO Contractor
URSA & INFOConnect Support & Training Team Lead
tracy.drake at gsa.gov
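
Added example (not part of the original message and not stunnel project code): a triage check that tests whether a version falls in the range the quoted report names and lists the services in a stunnel.conf whose effective verify level is 4. It assumes the report's "level 4" refers to stunnel's `verify = 4` option; the function names and the sample configuration are constructed for illustration.

```python
import re

AFFECTED_MIN = (4, 46)  # "4.46 or later", from the quoted report
FIXED_IN = (5, 34)      # "prior to 5.34", from the quoted report

# Constructed sample configuration (not from the original message).
SAMPLE_CONF = """\
verify = 2
[mail]
accept = 465
connect = 25
[partner-link]
accept = 8443
connect = 127.0.0.1:8080
verify = 4
"""

def parse_version(text):
    """Extract (major, minor) from '5.04' or a 'stunnel 5.04 on ...' banner."""
    m = re.search(r"(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return int(m.group(1)), int(m.group(2))

def in_reported_range(version_text):
    return AFFECTED_MIN <= parse_version(version_text) < FIXED_IN

def services_with_verify_4(conf_text):
    """Names of services whose effective 'verify' level is 4."""
    global_verify, current, levels = None, None, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = section.group(1)
            levels[current] = global_verify  # options before any [section] act as defaults
            continue
        key, _, value = line.partition("=")
        if key.strip().lower() == "verify":
            if current is None:
                global_verify = value.strip()
            else:
                levels[current] = value.strip()
    return [name for name, level in levels.items() if level == "4"]

def exposed_services(version_text, conf_text):
    return services_with_verify_4(conf_text) if in_reported_range(version_text) else []
```

An empty list from `exposed_services` means no service in that file sets `verify = 4`; it says nothing about other findings a scanner may report for the same version.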