stunnel 5.67 released

[Michał Trojnara via openssl-users]

Dear Users,

I have released version 5.67 of stunnel.

### Version 5.67, 2022.11.01, urgency: HIGH
* Security bugfixes
  - OpenSSL DLLs updated to version 3.0.7.
* New features
  - Provided a logging callback to custom engines.
* Bugfixes
  - Fixed "make cert" with OpenSSL older than 3.0.
  - Fixed the code and the documentation to use conscious
    language for SNI servers (thx to Clemens Lang).

Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html

SHA-256 hashes:
3086939ee6407516c59b0ba3fbf555338f9d52f459bcab6337c0f00e91ea8456 
stunnel-5.67.tar.gz
a6bdc2a735eb34465d10e3c7e61f32d679ba29a68de8ea8034db79c0c8b328a3 
stunnel-5.67-win64-installer.exe
893f53d6647900eb34041be8f21a21c052a31de3fb393a97627021a1ef2752f5 
stunnel-5.67-android.zip

Best regards,
    Mike


OpenPGP_signature
Description: OpenPGP digital signature

stunnel 5.66 released

[Michał Trojnara via openssl-users]

Dear Users,

I have released version 5.66 of stunnel.

### Version 5.66, 2022.09.11, urgency: MEDIUM
* New features
  - OpenSSL 3.0 FIPS Provider support for Windows.
* Bugfixes
  - Fixed building on machines without pkg-config.
  - Added the missing "environ" declaration for
    BSD-based operating systems.
  - Fixed the passphrase dialog with OpenSSL 3.0.

Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html

SHA-256 hashes:
558178704d1aa5f6883aac6cc5d6bbf2a5714c8a0d2e91da0392468cee9f579c 
stunnel-5.66.tar.gz
5fccb2e4db0d2e3c1adb26c3906585ac545baf88226f4f539b2dc43fe418a3ef 
stunnel-5.66-win64-installer.exe
3b1e30e060e16f6aa9a8ad1b1a6ba1210c165bf76bd01e4734cb4537e0717c09 
stunnel-5.66-android.zip

Best regards,
    Mike


OpenPGP_signature
Description: OpenPGP digital signature

stunnel 5.65 released

[Michał Trojnara via openssl-users]

Dear Users,

I have released version 5.65 of stunnel.

On Windows, this release fixes a high severity OpenSSL vulnerability:
https://www.openssl.org/news/secadv/20220705.txt

### Version 5.65, 2022.07.17, urgency: HIGH
* Security bugfixes
  - OpenSSL DLLs updated to version 3.0.5.
* Bugfixes
  - Fixed handling globally enabled FIPS.
  - Fixed openssl.cnf processing in WIN32 GUI.
  - Fixed a number of compiler warnings.
  - Fixed tests on older versions of OpenSSL.

Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html

SHA-256 hashes:
60c500063bd1feff2877f5726e38278c086f96c178f03f09d264a2012d6bf7fc 
stunnel-5.65.tar.gz
ca88e65888102f7526cab4edad7b30e8d1e82d428c34d5b5f00513dff9ed2288 
stunnel-5.65-win64-installer.exe
9dadaa8622e1c1955728cbd8d49e1a6b5eae77bfa5340f7a1f82451121aee740 
stunnel-5.65-android.zip

Best regards,
    Mike


OpenPGP_signature
Description: OpenPGP digital signature

stunnel 5.64 released

[Michał Trojnara via openssl-users]

Dear Users,

I have released version 5.64 of stunnel. This release only includes Windows 
fixes and improvements.

### Version 5.64, 2022.05.06, urgency: MEDIUM
* Security bugfixes
  - OpenSSL DLLs updated to version 3.0.3.
* New features
  - Updated the pkcs11 engine for Windows.
* Bugfixes
  - Removed the SERVICE_INTERACTIVE_PROCESS flag in "stunnel -install".

Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html

SHA-256 hashes:
eebe53ed116ba43b2e786762b0c2b91511e7b74857ad4765824e7199e6faf883 
stunnel-5.64.tar.gz
600e76b52a86b21f97a1af13734fdd2226c26646bb77f5f9f074ba3d5755f024 
stunnel-5.64-win64-installer.exe
391db6166b22a6648fd1f1df584c13ade61c93f620e46b12ebb30b643e61d2d3 
stunnel-5.64-android.zip

Best regards,
    Mike




OpenPGP_signature
Description: OpenPGP digital signature

stunnel 5.63 released

[Michał Trojnara via openssl-users]

Dear Users,

I have released version 5.63 of stunnel.

### Version 5.63, 2022.03.15, urgency: HIGH
* Security bugfixes
  - OpenSSL DLLs updated to version 3.0.2.
* New features
  - Updated stunnel.spec to support bash completion.
* Bugfixes
  - Fixed a PRNG initialization crash (thx to Gleydson Soares).

Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html

SHA-256 hashes:

c74c4e15144a3ae34b8b890bb31c909207301490bd1e51bfaaa5ffeb0a994617 
stunnel-5.63.tar.gz
723f54c28073f17b1ac095a2ab9922735c69f73fba6144a5c68cc160dc673b10 
stunnel-5.63-win64-installer.exe
c77850c39dfb42f95d26d4f5830a261a95c3785d8c39bdd9f28764ba43ee1d7d 
stunnel-5.63-android.zip

Best regards,
    Mike


OpenPGP_signature
Description: OpenPGP digital signature

stunnel 5.62 released

[Michał Trojnara via openssl-users]

Dear Users,

I have released version 5.62 of stunnel.

### Version 5.62, 2022.01.17, urgency: MEDIUM
* New features
  - Added a bash completion script.
* Bugfixes
  - Fixed a transfer() loop bug.

Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html

SHA-256 hashes:
9cf5bb949022aa66c736c1326554cca27d0641605a6370274edc4951eb5bd339 
stunnel-5.62.tar.gz
fbfcc5759344bcafff9ff3bc6cf56c7fb75cb1244b76d4934c5d9a3eb7eee32d 
stunnel-5.62-win64-installer.exe
4b52ed6e4bb8293fdefb10ee8c271400a8c1749254a11b674ff690eae00b3c5e 
stunnel-5.62-android.zip

Best regards,
    Mike


OpenPGP_signature
Description: OpenPGP digital signature

stunnel 5.61 released

[Michał Trojnara via openssl-users]

Dear Users,

I have released version 5.61 of stunnel.

### Version 5.61, 2021.12.22, urgency: LOW
* New features sponsored by the University of Maryland
  - Added new "protocol = capwin" and "protocol = capwinctrl"
    configuration file options.
* New features for the Windows platform
  - Added client mode allowing authenticated users to view
    logs, reconfigure and terminate running stunnel services.
  - Added support for multiple GUI and service instances
    distinguised by the location of stunnel.conf.
  - Improved log window scrolling.
  - Added a new 'Pause auto-scroll' GUI checkbox.
  - Double click on the icon tray replaced with single click.
  - OpenSSL DLLs updated to version 3.0.1.
* Other new features
  - Rewritten the testing framework in python (thx to
    Peter Pentchev for inspiration and initial framework).
  - Added support for missing SSL_set_options() values.
  - Updated stunnel.spec to support RHEL8.
* Bugfixes
  - Fixed OpenSSL 3.0 build.
  - Fixed reloading configuration with
    "systemctl reload stunnel.service".
  - Fixed incorrect messages logged for OpenSSL errors.
  - Fixed printing IPv6 socket option defaults on FreeBSD.

Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html

SHA-256 hashes:
91ea0ca6482d8f7e7d971ee64ab4f86a2817d038a372f0893e28315ef2015d7a 
stunnel-5.61.tar.gz
19c5ff1f4101af1e69585328303c14249db2ec9063542101ca31edb6f6cc502f 
stunnel-5.61-win64-installer.exe
928ec94690564498bf523228946b2cdc90c7e346d6f0baf1f71b76cbe769b96c 
stunnel-5.61-android.zip

Best regards,
    Mike



OpenPGP_signature
Description: OpenPGP digital signature

stunnel 60 released

[Michał Trojnara via openssl-users]

Dear Users,

I have released version 5.60 of stunnel.

### Version 5.60, 2021.08.16, urgency: LOW
* New features
  - New 'sessionResume' service-level option to allow
    or disallow session resumption
  - Added support for the new SSL_set_options() values.
  - Download fresh ca-certs.pem for each new release.
* Bugfixes
  - Fixed 'redirect' with 'protocol'.  This combination is
    not supported by 'smtp', 'pop3' and 'imap' protocols.
  - Enforced minimum WIN32 log window size.
  - Fixed support for password-protected private keys with
    OpenSSL 3.0 (thx to Dmitry Belyavskiy).

Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html

SHA-256 hashes:
c45d765b1521861fea9b03b425b9dd7d48b3055128c0aec673bba5ef9b8f787d 
stunnel-5.60.tar.gz
190b79cb94a4f70f362e44c32d150edf8ae660734d3fa0cbd990c3821e8f3083 
stunnel-5.60-win64-installer.exe
bac9bb4503cc5091d78c9deb6aa013fc07e39d67db0dfcc073b098db52f54427 
stunnel-5.60-android.zip

Best regards,
    Mike



OpenPGP_signature
Description: OpenPGP digital signature

stunnel 5.59 released

[Michał Trojnara via openssl-users]

Dear Users,

I have released version 5.59 of stunnel.

### Version 5.59, 2021.04.05, urgency: HIGH
* Security bugfixes
  - OpenSSL DLLs updated to version 1.1.1k.
* New features
  - Client-side "protocol = ldap" support (thx to Bart
    Dopheide and Seth Grover).
* Bugfixes
  - The test suite fixed not to require external connectivity.
  - Fixed paths in generated manuals (thx to Tatsuki Makino).
  - Fixed configuration reload when compression is used.
  - Fixed compilation with early releases of OpenSSL 1.1.1.

Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html

SHA-256 hashes:
137776df6be8f1701f1cd590b7779932e123479fb91e5192171c16798815ce9f 
stunnel-5.59.tar.gz
c45fa3f70ecf0628d1f5985f2c11fedfc989bbc64db857def82ca7ee602fd8e0 
stunnel-5.59-win64-installer.exe
b56d91493631ff2b18e3e596fbb491892847f5671335c3f5e2307e174742ae44 
stunnel-5.59-android.zip

Best regards,
    Mike

stunnel 5.58 released

[Michał Trojnara via openssl-users]

Dear Users,

I have released version 5.58 of stunnel.

This release fixes another security bug in the "redirect" option.

### Version 5.58, 2021.02.20, urgency: HIGH
* Security bugfixes
  - The "redirect" option was fixed to properly handle
    unauthenticated requests (thx to Martin Stein).
  - Fixed a double free with OpenSSL older than 1.1.0 (thx to
    Petr Strukov).
  - OpenSSL DLLs updated to version 1.1.1j.
* New features
  - New 'protocolHeader' service-level option to insert custom
    'connect' protocol negotiation headers.  This feature can
    be used to impersonate other software (e.g. web browsers).
  - 'protocolHost' can also be used to control the client SMTP
    protocol negotiation HELO/EHLO value.
  - Initial FIPS 3.0 support.
* Bugfixes
  - X.509v3 extensions required by modern versions of OpenSSL
    are added to generated self-signed test certificates.
  - Fixed a tiny memory leak in configuration file reload
    error handling (thx to Richard Könning).
  - Merged Debian 05-typos.patch (thx to Peter Pentchev).
  - Merged with minor changes Debian 06-hup-separate.patch
    (thx to Peter Pentchev).
  - Merged Debian 07-imap-capabilities.patch (thx to Ansgar).
  - Merged Debian 08-addrconfig-workaround.patch (thx to Peter
    Pentchev).
  - Fixed tests on the WSL2 platform.
  - NSIS installer updated to version 3.06 to fix a multiuser
    installation bug on some platforms, including 64-bit XP.
  - Fixed engine initialization (thx to Petr Strukov).
  - FIPS TLS feature is reported when a provider or container
    is available, and not when FIPS control API is available.

Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html

SHA-256 hashes:
d4c14cc096577edca3f6a2a59c2f51869e35350b3988018ddf808c88e5973b79 
stunnel-5.58.tar.gz
92055a006a0d178a25cc29ef681ae32d4cea3075c096abc893c92ba6285d6908 
stunnel-5.58-win64-installer.exe
57c313ee8b42da42265b33fb91555a58c1f1b94f5e93a389c310e37a87f2013c 
stunnel-5.58-android.zip

Best regards,
    Mike






OpenPGP_signature
Description: OpenPGP digital signature

stunnel 5.57 released

[Michał Trojnara via openssl-users]

Dear Users,

I have released version 5.57 of stunnel.

This is a security release.  Make sure to upgrade if you use the "redirect" 
option.

### Version 5.57, 2020.10.11, urgency: HIGH
* Security bugfixes
  - The "redirect" option was fixed to properly
    handle "verifyChain = yes" (thx to Rob Hoes).
  - OpenSSL DLLs updated to version 1.1.1h.
* New features
  - New securityLevel configuration file option.
  - FIPS support for RHEL-based distributions.
  - Support for modern PostgreSQL clients (thx to Bram Geron).
  - Windows tooltip texts updated to mention "stunnel".
  - TLS 1.3 configuration updated for better compatibility.
* Bugfixes
  - Fixed a transfer() loop bug.
  - Fixed memory leaks on configuration reloading errors.
  - DH/ECDH initialization restored for client sections.
  - Delay startup with systemd until network is online.
  - bin\libssp-0.dll removed when uninstalling.
  - A number of testing framework fixes and improvements.

Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html

SHA-256 hashes:

af5ab973dde11807c38735b87bdd87563a47d2fa1c72a07929fcfce80a600fe1  
stunnel-5.57.tar.gz
6bcabe757e72a26463b054e7bf14d661b3a6734b4fa60dced491de170008d78c  
stunnel-5.57-win64-installer.exe
8bae28d1376a70df69f5d47c41ebb95443934ac6efb058aaa9ae299a391c83e0  
stunnel-5.57-android.zip

Best regards,
    Mike




signature.asc
Description: OpenPGP digital signature

stunnel 5.56 released

[Michał Trojnara via openssl-users]

Dear Users,

I have released version 5.56 of stunnel.

### Version 5.56, 2019.11.22, urgency: HIGH
* New features
  - Various text files converted to Markdown format.
* Bugfixes
  - Support for realpath(3) implementations incompatible
    with POSIX.1-2008, such as 4.4BSD or Solaris.
  - Support for engines without PRNG seeding methods (thx to
    Petr Mikhalitsyn).
  - Retry unsuccessful port binding on configuration
    file reload.
  - Thread safety fixes in SSL_SESSION object handling.
  - Terminate clients on exit in the FORK threading model.

Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html

SHA-256 hashes:

7384bfb356b9a89ddfee70b5ca494d187605bb516b4fff597e167f97e2236b22 
stunnel-5.56.tar.gz
e9d7dea3976219f0fc89cfb4f645f47b1291ebec8ce55cff46dbbfbb2e9b4084 
stunnel-5.56-win64-installer.exe
d8a5e359c7102b3c9619fca6b4ffbb39c16a9779dcecb426f204a7857cb33f67 
stunnel-5.56-android.zip

Best regards,
    Mike



signature.asc
Description: OpenPGP digital signature

stunnel 5.55 released

[Michał Trojnara via openssl-users]

Dear Users,

I have released version 5.55 of stunnel.
This release addresses a number of important Windows issues, including
security vulnerabilities.

Version 5.55, 2019.06.10, urgency: HIGH
* Security bugfixes
  - Fixed a Windows local privilege escalation vulnerability
    caused insecure OpenSSL cross-compilation defaults.
    Successful exploitation requires stunnel to be deployed
    as a Windows service, and user-writable C:\ folder. This
    vulnerability was discovered and reported by Rich Mirch.
  - OpenSSL DLLs updated to version 1.1.1c.
* Bugfixes
  - Implemented a workaround for Windows hangs caused by its
    inability to the monitor the same socket descriptor from
    multiple threads.
  - Windows configuration (including cryptographic keys)
    is now completely removed at uninstall.
  - A number of testing framework fixes and improvements.

Home page: https://www.stunnel.org/
Download: https://www.stunnel.org/downloads.html

SHA-256 hashes:
90de69f41c58342549e74c82503555a6426961b29af3ed92f878192727074c62 
stunnel-5.55.tar.gz
e586b68da9e4faedf41cbcc8378402d7b188bb25b1f0f3cd1f2ce68620ef9e29 
stunnel-5.55-win64-installer.exe
7af80d424986149629aad7d75710400f58ba259042c58557adf743627b5c8e3c 
stunnel-5.55-android.zip

Best regards,
    Mike



signature.asc
Description: OpenPGP digital signature

Re: [openssl-users] stunnel 5.46 released

[Michał Trojnara]

On 05/31/2018 06:15 AM, Viktor Dukhovni wrote:
> I expect there are still plenty of LTS RedHat systems that
> ship without EC support, though yes anything reasonably
> up to date, will have EC support.
AFAIR EC cipher suites were introduced in OpenSSL 1.0.0, so those LTS
systems must be using OpenSSL 0.9.x.  In 2018 this is asking for
trouble, and a clear evidence that they don't care about security...
> Ultimately of course up to you and your users, I think I've
> made my case as well as I could.  Good luck.
Indeed.  Thank you.  I highly appreciate your input.  Defining an
acceptable security margin for algorithms is tough, especially with QC
predictions in mind...

Best regards,
    Mike



signature.asc
Description: OpenPGP digital signature
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] stunnel 5.46 released

[Michał Trojnara]

On 05/29/2018 01:48 AM, Viktor Dukhovni wrote:
> I am rather puzzled as to why you chose to eliminate
> not just fixed DH, but also the ephemeral finite-field
> DH key exchange.  What's wrong with the DHE ciphers?
Mostly precomputation attacks: https://weakdh.org/logjam.html
Those parameters are "ephemeral", but not really unique for each TLS
session.
They are also quite slow compared to their EC counterparts...

> I would have chosen:
>
>   HIGH:!aNULL:!kDH:!kECDH:!MD5
>
> which excludes the *fixed* DH/ECDH ciphers and MD5
> (and thus also SSLv2).  This does not eliminate
> ephemeral finite-field DH, not sure why you're doing
> that...
Actually the only MD5 vulnerability is collisions.  This may be a threat
for some CAs that use predictable serial numbers, but there are no known
risk for HMACs as used in TLS cipher suites.

Also, excluding kECDH cipher suites sounds like a good idea indeed.

Best regards,
    Mike

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] stunnel 5.44 released

[Michał Trojnara]

Dear Users,

I have released version 5.44 of stunnel.
It is a bugfix release.  I recommend updating to this version.

Version 5.44, 2017.11.26, urgency: MEDIUM
* New features
  - Signed Win32 executables, libraries, and installer.
* Bugfixes
  - Default accept address restored to INADDR_ANY.
  - Fixed a race condition in "make check".
  - Fixed removing the pid file after configuration reload.

Home page: https://www.stunnel.org/
Download:  https://www.stunnel.org/downloads.html

SHA-256 hashes:
990a325dbb47d77d88772dd02fbbd27d91b1fea3ece76c9ff4461eca93f12299
stunnel-5.44.tar.gz
4099650ae7be17b81412a0d4caa91db19c8678c8d8d2975398814e583f4c51aa
stunnel-5.44-win32-installer.exe
643365b53ee6f16f87a902c3df849209155e603f02f7a761fc2457c89e5ac243
stunnel-5.44-android.zip

Best regards,
Mike



signature.asc
Description: OpenPGP digital signature
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] stunnel 5.43 released

[Michał Trojnara]

Dear Users,

I have released version 5.43 of stunnel.

Version 5.43, 2017.11.05, urgency: LOW
* New features
  - OpenSSL DLLs updated to version 1.0.2m.
  - Android build updated to OpenSSL 1.1.0g.
  - Allow for multiple "accept" ports per section.
  - Self-test framework (make check).
  - Added config load before OpenSSL init (thx to Dmitrii Pichulin).
  - OpenSSL 1.1.0 support for Travis CI.
  - OpenSSL 1.1.1-dev compilation fixes.
* Bugfixes
  - Fixed a memory fault on Solaris.
  - Fixed round-robin failover in the FORK threading model.
  - Fixed handling SSL_ERROR_ZERO_RETURN in SSL_shutdown().
  - Minor fixes of the logging subsystem.

Home page: https://www.stunnel.org/
Download:  https://www.stunnel.org/downloads.html

SHA-256 hashes:
05915babf705a0494886a72a7367913d403d07fc908ebb7b380d639e2d8bcee2
stunnel-5.43.tar.gz
5249479d295f482ecac9cd3d5c89c0e5d41ae6ff8e265d4634ecfd8761834201
stunnel-5.43-win32-installer.exe
e628fa7027d19bf4f0a62392f9dc042d97959498c292e13ebdf30c65a545dd6d
stunnel-5.43-android.zip

Best regards,
Mike



signature.asc
Description: OpenPGP digital signature
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] stunnel 5.42 released

[Michał Trojnara]

Dear Users,

I have released version 5.42 of stunnel.

Version 5.42, 2017.07.16, urgency: HIGH
* New features
  - "redirect" also supports "exec" and not only "connect".
  - PKCS#11 engine DLL updated to version 0.4.7.
* Bugfixes
  - Fixed premature cron thread initialization causing hangs.
  - Fixed "verifyPeer = yes" on OpenSSL <= 1.0.1.
  - Fixed pthreads support on OpenSolaris.

Home page: https://www.stunnel.org/
Download:  https://www.stunnel.org/downloads.html

SHA-256 hashes:
1b6a7aea5ca223990bc8bd621fb0846baa4278e1b3e00ff6eee279cb8e540fab
stunnel-5.42.tar.gz
f3d612b907e2562182c574353c11ce793a3957b88266d5ace0fa99a05d4325e8
stunnel-5.42-win32-installer.exe
9cac7f5b8a11f6d730253e7eb8550f0924af3010fef3149698b174617ee41ccf
stunnel-5.42-android.zip

Best regards,
Mike



signature.asc
Description: OpenPGP digital signature
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] stunnel 5.41 released

[Michał Trojnara]

Dear Users,

I have released version 5.41 of stunnel.

Version 5.41, 2017.04.01, urgency: MEDIUM
* New features
  - PKCS#11 engine DLL updated to version 0.4.5.
  - Default engine UI set with ENGINE_CTRL_SET_USER_INTERFACE.
  - Key file name added into the passphrase console prompt.
  - Performance optimization in memory leak detection.
* Bugfixes
  - Fixed crashes with the OpenSSL 1.1.0 branch.
  - Fixed certificate verification with "verifyPeer = yes"
and "verifyChain = no" (the default), while the peer
only returns a single certificate.

Home page: https://www.stunnel.org/
Download:  https://www.stunnel.org/downloads.html

SHA-256 hashes:
f05c6321ee1f6ddebacc234ccf20825971941e831b5beea6d0ce0b8e1668148f
stunnel-5.41.tar.gz
f0e8aa9abf3cddae70d0c0596ab44f64f4e3964e299177b3adf4c63a5d0f960b
stunnel-5.41-win32-installer.exe
218ec5714071901179139afbc4af846231ae32594765a4c06abaf05f05144e34
stunnel-5.41-android.zip

Best regards,
Mike



signature.asc
Description: OpenPGP digital signature
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] stunnel 5.40 released

[Michał Trojnara]

Dear Users,

I have released version 5.40 of stunnel.

Version 5.40, 2017.01.28, urgency: HIGH
* Security bugfixes
  - OpenSSL DLLs updated to version 1.0.2k.
https://www.openssl.org/news/secadv/20170126.txt
* New features
  - DH ciphersuites are now disabled by default.
  - The daily server DH parameter regeneration is only performed if
DH ciphersuites are enabled in the configuration file.
  - "checkHost" and "checkEmail" were modified to require either
"verifyChain" or "verifyPeer" (thx to Małorzata Olszówka).
* Bugfixes
  - Fixed setting default ciphers.

Home page: https://www.stunnel.org/
Download:  https://www.stunnel.org/downloads.html

SHA-256 hashes:
23acdb390326ffd507d90f8984ecc90e0d9993f6bd6eac1d0a642456565c45ff
stunnel-5.40.tar.gz
c55548ffe073ddcea61ff938dbbbc66a7dce3be6f70c10ba578b33d18aa1f234
stunnel-5.40-win32-installer.exe
c7c4bb78689d3111e362e3b1e859aa9293809b4720b814810b8cdd6963fc17b1
stunnel-5.40-android.zip

Best regards,
Mike



signature.asc
Description: OpenPGP digital signature
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] stunnel 5.39 released

[Michał Trojnara]

Dear Users,

I have released version 5.39 of stunnel.

Version 5.39, 2017.01.01, urgency: LOW
* New features
  - PKCS#11 engine (pkcs11.dll) added to the Win32 build.
  - Per-destination TLS session cache added for the client mode.
  - The new "logId" parameter "process" added to log PID values.
  - Added support for the new SSL_set_options() values.
  - Updated the manual page.
  - Obsolete references to "SSL" replaced with "TLS".
* Bugfixes
  - Fixed "logId" parameter to also work in inetd mode.
  - "delay = yes" properly enforces "failover = prio".
  - Fixed fd_set allocation size on Win64.
  - Fixed reloading invalid configuration file on Win32.
  - Fixed resolving addresses with unconfigured network interfaces.

Home page: https://www.stunnel.org/
Download:  https://www.stunnel.org/downloads.html

SHA-256 hashes:
288c087a50465390d05508068ac76c8418a21fae7275febcc63f041ec5b04dee
stunnel-5.39.tar.gz
2acacc912d87c4fc8506e70d00ac514526ee80d1996bdf0a56f00383e43a49a9
stunnel-5.39-win32-installer.exe
0a1a5e4c3c30067d9d07f27cd55a2f7d59359770ed751384e374a79cdae57913
stunnel-5.39-android.zip

Best regards,
Mike



signature.asc
Description: OpenPGP digital signature
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] stunnel 5.38 released

[Michał Trojnara]

Dear Users,

I have released version 5.38 of stunnel.

Version 5.38, 2016.11.26, urgency: MEDIUM
* New features
  - "sni=" can be used to prevent sending the SNI extension.
  - The AI_ADDRCONFIG resolver flag is used when available.
  - Merged Debian 06-lfs.patch (thx Peter Pentchev).
* Bugfixes
  - Fixed a memory allocation bug causing crashes with OpenSSL 1.1.0.
  - Fixed error handling for mixed IPv4/IPv6 destinations.
  - Merged Debian 08-typos.patch (thx Peter Pentchev).

Home page: https://www.stunnel.org/
Download:  https://www.stunnel.org/downloads.html

SHA-256 hashes:
09ada29ba1683ab1fd1f31d7bed8305127a0876537e836a40cb83851da034fd5
stunnel-5.38.tar.gz
8480dd90fbba19324f916267d38835e631b28ffd6b11f9526319c5e8399f4a2f
stunnel-5.38-installer.exe
3d77a3becb6d123eaf3c9abba0ba8b96c1893bdad534710dc7094b5449cfc795
stunnel-5.38-android.zip

Best regards,
Mike



signature.asc
Description: OpenPGP digital signature
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] stunnel 5.37 released

[Michał Trojnara]

Dear Users,

I have released version 5.37 of stunnel.

Version 5.37, 2016.11.06, urgency: MEDIUM
* Bugfixes
  - OpenSSL DLLs updated to version 1.0.2j (stops crashes).
  - The default SNI target (not handled by any slave service)
is handled by the master service rather than rejected.
  - Removed thread synchronization in the FORK threading model.

Home page: https://www.stunnel.org/
Download:  https://www.stunnel.org/downloads.html

SHA-256 hashes:
d0e3530e3effc64fdec792c71791d4937c6b8bd3b9ea4895c6bb6526dcd0d241
stunnel-5.37.tar.gz
b1015afdfc536312b9e3556483c9bfeefd9e29d6f483d305459033272adcf4ad
stunnel-5.37-installer.exe
4bda9b0116676fec7533b3c1e40b9d24f0722e6317c59be4831c19102f4a925c
stunnel-5.37-android.zip

Best regards,
Mike



signature.asc
Description: OpenPGP digital signature
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] stunnel 5.36 released

[Michał Trojnara]

Dear Users,

I have released version 5.36 of stunnel.

Version 5.36, 2016.09.22, urgency: HIGH
* Security bugfixes
  - OpenSSL DLLs updated to version 1.0.2i.
https://www.openssl.org/news/secadv_20160922.txt
* New features
  - Added support for OpenSSL 1.1.0 built with "no-deprecated".
  - Removed direct zlib dependency.

Home page: https://www.stunnel.org/
Download:  https://www.stunnel.org/downloads.html

SHA-256 hashes:
eb8952fcfdfcdf5056a1f1a78e1ec5014b819c5f5f7599b924dc4490ffe4b5ea
stunnel-5.36.tar.gz
0164a45812ee2292574f898b1526062c2fbeccbb9c4e679a120b16e3284d2b0e
stunnel-5.36-installer.exe
a82c3978e113ecc55caefa5f169f622048f6aa434e6620e78e5d88a1885a3d69
stunnel-5.36-android.zip

Best regards,
Mike





signature.asc
Description: OpenPGP digital signature
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] stunnel 5.35 released

[Michał Trojnara]

Dear Users,

I have released version 5.35 of stunnel.

The ChangeLog entry:
Version 5.35, 2016.07.18, urgency: HIGH
* Bugfixes
  - Fixed incorrectly enforced client certificate requests.
  - Only default to SO_EXCLUSIVEADDRUSE on Vista and later.
  - Fixed thread safety of the configuration file reopening.

Home page: https://www.stunnel.org/
Download:  https://www.stunnel.org/downloads.html

SHA-256 hashes:
ffa386ae4c825f35f35157c285e7402a6d58779ad8c3822f74a9d355b54aba1d
stunnel-5.35.tar.gz
36e70e109d0283cd55c416eb261234f4c1b165409e1805df369bc774551f965c
stunnel-5.35-installer.exe
e671a4716fd36bde67850cdb5d17f54ee32b6afec9ad4ea6825d00f72a741cc5
stunnel-5.35-android.zip

Best regards,
Mike





signature.asc
Description: OpenPGP digital signature
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] stunnel 5.35 released

[Michał Trojnara]

Dear Users,

I have released version 5.35 of stunnel.

The ChangeLog entry:
Version 5.35, 2016.07.18, urgency: HIGH
* Bugfixes
  - Fixed incorrectly enforced client certificate requests.
  - Only default to SO_EXCLUSIVEADDRUSE on Vista and later.
  - Fixed thread safety of the configuration file reopening.

Home page: https://www.stunnel.org/
Download:  https://www.stunnel.org/downloads.html

SHA-256 hashes:
ffa386ae4c825f35f35157c285e7402a6d58779ad8c3822f74a9d355b54aba1d
stunnel-5.35.tar.gz
36e70e109d0283cd55c416eb261234f4c1b165409e1805df369bc774551f965c
stunnel-5.35-installer.exe
e671a4716fd36bde67850cdb5d17f54ee32b6afec9ad4ea6825d00f72a741cc5
stunnel-5.35-android.zip

Best regards,
Mike



signature.asc
Description: OpenPGP digital signature
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] stunnel 5.34 released

[Michał Trojnara]

Dear Users,

I have released version 5.34 of stunnel.
This release includes a major security bugfix.

The ChangeLog entry:

Version 5.34, 2016.07.05, urgency: HIGH
* Security bugfixes
  - Fixed malfunctioning "verify = 4".
* New features
  - Bind sockets with SO_EXCLUSIVEADDRUSE on WIN32.
  - Added three new service-level options: requireCert, verifyChain,
and verifyPeer for fine-grained certificate verification control.
  - Improved compatibility with the current OpenSSL 1.1.0-dev tree.

Home page: https://www.stunnel.org/
Download:  https://www.stunnel.org/downloads.html

SHA-256 hashes:
78668a84a5a01188dddfcecb37d8c69a4c725dc3b476fbbd294e86741a55
stunnel-5.34.tar.gz
abddf49a02e810bf618884f6ac8fde2c1e59bda73c65c4fd9a82b724524b4d9f
stunnel-5.34-installer.exe
6ae4aa536b9083da69b5e8905c85f4655db9ebfc95b79c8a67adbf309181c10d
stunnel-5.34-android.zip

Best regards,
Mike



signature.asc
Description: OpenPGP digital signature
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] stunnel 5.33 released

[Michał Trojnara]

Dear Users,

I have released version 5.33 of stunnel.
This release fixes a memory leak.  Upgrade is highly recommended.

The ChangeLog entry:

Version 5.33, 2016.06.23, urgency: HIGH
* New features
  - Improved memory leak detection performance and accuracy.
  - Improved compatibility with the current OpenSSL 1.1.0-dev tree.
  - SNI support also enabled on OpenSSL 0.9.8f and later (thx to
Guillermo Rodriguez Garcia).
  - Added support for PKCS #12 (.p12/.pfx) certificates (thx to
Dmitry Bakshaev).
* Bugfixes
  - Fixed a TLS session caching memory leak (thx to Richard Kraemer).
Before stunnel 5.27 this leak only emerged with sessiond enabled.
  - Yet another WinCE socket fix (thx to Richard Kraemer).
  - Fixed passphrase/pin dialogs in tstunnel.exe.
  - Fixed a FORK threading build regression bug.
  - OPENSSL_NO_DH compilation fix (thx to Brian Lin).

Home page: https://www.stunnel.org/
Download:  https://www.stunnel.org/downloads.html

SHA-256 hashes:
7f54636d1e00864fd4d6bdda0bef60b8aaf24350cf02f89dfd2ac7967c052c73
stunnel-5.33.tar.gz
facd42d19b78e3b4c3a8fb207577c5ba142a5d98ccbc7c0fd3c44b49f65b2235
stunnel-5.33-installer.exe
82fa7e723d7e226a797626dd43d5eb08ee2298b11ae9c1a7589ee9e121e6edfa
stunnel-5.33-android.zip

Best regards,
Mike



signature.asc
Description: OpenPGP digital signature
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] stunnel 5.32 released

[Michał Trojnara]

Dear Users,

I have released version 5.32 of stunnel.

The ChangeLog entry:

Version 5.32, 2016.05.03, urgency: HIGH
* Security bugfixes
  - OpenSSL DLLs updated to version 1.0.2h.
https://www.openssl.org/news/secadv_20160503.txt
* New features
  - New "socket = a:IPV6_V6ONLY=yes" option to only bind IPv6.
  - Memory leak detection.
  - Improved compatibility with the current OpenSSL 1.1.0-dev tree.
  - Added/fixed Red Hat scripts (thx to Andrew Colin Kissa).
* Bugfixes
  - Workaround for a WinCE sockets quirk (thx to Richard Kraemer).
  - Fixed data alignment on 64-bit MSVC (thx to Yuris W. Auzins).

Home page: https://www.stunnel.org/
Download:  https://www.stunnel.org/downloads.html

SHA-256 hashes:
0ee64774d7a720f3ffd129b08557ee0882704c7f65b859c40e315a175b68a6fd
stunnel-5.32.tar.gz
6e79f3e6f811f4efdbac65c2ce475db93aa4033e71e93a8bbc5c5a08036f932a
stunnel-5.32-installer.exe
bdb15e548c7985b01cadb21939d71f450aa044dcd955b97648821298ac1eeea1
stunnel-5.32-android.zip

Best regards,
Mike



signature.asc
Description: OpenPGP digital signature
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] SSL_COMP

[Michał Trojnara]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 12.01.2016 20:18, Viktor Dukhovni wrote:
>> On Jan 12, 2016, at 4:05 AM, Michal Trojnara
>>  wrote: I guess openssl/ssl.h should
>> be modified to include: typedef struct ssl_comp_st SSL_COMP; 
>> DEFINE_STACK_OF(SSL_COMP)
> 
> Try a more recent git commit.  This should be fixed now.

It works.  Thank you.

Best regards,
Mike
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJWlVdRAAoJEC78f/DUFuAUbfIQAMrWPpm37y3/qajjOmvN+ZX4
uke0FFWyMY94DrsSFcL6GjdLa6T1/LvuyDELVn+lujPlMMGq8zApSyQ5Qnsz3Vbq
oosKVga1jpCgJasx8aas4kk6faiggNrk+THjIC5GZtMlqLN/o/cC5SDQgYKQ0UBA
PZRaywTbS37Sdu8gldu0mL46SqGhwyeUV/dNeAvKiB1Bimb4HZMYM3cqs6dabBfr
pw7ymJIa99rSKx4DureWZ+vIrtHyfFm34QT9JB0A+3qqj8m0B8DG71ljsUSbAu7p
YIz1QJ3Aj1qOqWC76JEVtw/754/YKOnWFtapt1A09C9Cxo3DxFFHEwhmiJYHjPu/
0WZbnw91PU9KjEqJ+f6ELxyTT315WjxT2pypgDKw/E1EIetQoaOGukMW1UnTTVJY
UKSsotkNoDT5mrFcfW355KorvXmguKcd3rKT+6gC6zW0CO1pGmCunyp9hSm7K5l1
+pb1cRNDGYIn6jDPJuqCameTFsYx2YGYYGK41k6Bu9kyF8xzWnys26U+aIs4Ib6k
IXToIjDF52gVGS1UQYrz08QsVV3XnI47Q/+FIOlY9oOEMHISQvytIJp7kVaUNZ1Z
0g6g7xEQgn53LMai45htTkzR4Sv15rQDYvXr6IU9KmiCKWUhVmJVa1hTaVAeO8ZX
6i+qE6WzyHUC8qLnuoaL
=4EYu
-END PGP SIGNATURE-
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] stunnel 5.29 released

[Michał Trojnara]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Dear Users,

I have released version 5.29 of stunnel.

The ChangeLog entry:

Version 5.29, 2016.01.08, urgency: LOW
* New features
  - New WIN32 icons.
  - Performance improvement: rwlocks used for locking with pthreads.
* Bugfixes
  - Compilation fix for *BSD.
  - Fixed configuration file reload for relative stunnel.conf path
on Unix.
  - Fixed ignoring CRLfile unless CAfile was also specified (thx
to Strukov Petr).

Home page: https://www.stunnel.org/
Download:  https://www.stunnel.org/downloads.html

SHA-256 hashes:
43909625403ea634fa7cb8399d58faf8e7f11c1b7b29097491469951f56df551
stunnel-5.29.tar.gz
c92ccc98cc9eb0c5d95d9550af39ab502e7ea45ed4d9ccc821aa261856f958b1
stunnel-5.29-installer.exe
f9db8676e8e2ec6db355bae41eb625eb8ebd45a836ad8cbf06ce60a3c305fde2
stunnel-5.29-android.zip

Best regards,
Mike
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJWkFGaAAoJEC78f/DUFuAUGocQAMgblKTHppSpRurlkCZtjNDh
p/M7IqxzfqCczIUuG1zdPVyk7lcW3jhFHXsfjTcch56YH6FtMcezUv8Wa8LojNjY
iY1uSbWyAmdsV5ye+Z4SWybwOfS53i5IK9Fnb3UE1CmcETxsI56AWzVLG0w8jsGH
HwRB3+J/aVS+VqOeNO4VW53yzvT73k3tvPDAKu7NFRrmhvJ9vk7BkgL/WJ/1oK5D
480eLHoT0phe/Xl2cMaOJDXBnU0dAfDieM5IWwL+jAqWhsEeTgK8n92FbAqFB6T6
GkhJGfgc0olSlQkCo7Iz3Q8mh65NpEYNoZGIT2VelalXOM2lyeL4vuwfbGiomalW
N3Mt1xNXuneX77E0rOM2rlnzoaG9FulcDHp/Ie9plOyO6OyimFMKU1Xg9lJSCU2B
iTu6F0FvptduPU3e6rE1FSxMII0lzMo6oDHFggK5YlitJJKPOoGLfW2T4SjYlsmw
BirrEO9j/OvOqLT5ovMCJUVLXZrrjKkoCQoZI7p8r1rPJlsdC4QeRb0p9wJAGdAJ
pS3w1HEgcXMUf/xS130nM2euftu0Td3Qi1tqXnDgtbSkwEN1T0tP3xiD1D++BzMf
TzMivlWyerjOEuBMCRwcKMsrIr8+seSdLzUIISJ8EwCGWUq0p1l4KXYs5EofNJKI
gIZdYXEX46WlR+dl7aZC
=IchS
-END PGP SIGNATURE-
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: problems

[Michał Trojnara]

Kelly Phinney wrote:
 I downloaded OPENSSL because I was getting an error message:
 stunnel-4.10.exe-ordinal not found
 I am not getting that message anymore but now I am getting
 this message upon startup:
 stunnel-4.10.exe.-application error
 the application failed to initialize properly (0xc0150002).
 click to terminate the application.
 Do you know how I can fix this??

What about upgrading your stunnel?
Version 4.10 is over 3 years old.
http://stunnel.mirt.net/

Best regards,
Mike

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

stunnel 4.24 released

[Michał Trojnara]

Dear Users,

I have just released a new version of stunnel, which fixes a security issue
in the OCSP functionality.  The bug allows a revoked certificate to
successfully authenticate.  Any installations with OCSP enabled should be
upgraded ASAP.  Other users are not affected.

Home page/download: http://stunnel.mirt.net/

sha1sum for stunnel-4.24.tar.gz file:
ec6db4080199d11e020b780da0f1cc37d37d9233

Best regards,
Mike

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]

stunnel 4.22 released (Black Hat Europe edition)

[Michał Trojnara]

Dear Users,

I have just released a new version of stunnel.  This is mostly a bugfix
release and I recommend to schedule an upgrade.

Please find below the ChangeLog entry:
Version 4.22, 2008.03.28, urgency: MEDIUM:
* New features
  - Makefile was updated to use standard autoconf variables:
sysconfdir, localstatedir and pkglibdir.
  - A new global option to control logging to syslog:
  syslog = yes|no
Simultaneous logging to a file and the syslog is now possible.
  - A new service level option to control stack size:
  stack = number of bytes
* Bugfixes
  - Restored chroot() to be executed after decoding numerical
userid and groupid values in drop_privileges().
  - A few bugs fixed the in the new libwrap support code.
  - TLSv1 method used by default in FIPS mode instead of
SSLv3 client and SSLv23 server methods.
  - OpenSSL GPL license exception update based on
http://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs

Home page/download: http://stunnel.mirt.net/

sha1sum for stunnel-4.22.tar.gz file:
452d0068bcae39afe7401216153986f3af810e37

Best regards,
Mike

__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]