stunnel 5.67 released
Dear Users, I have released version 5.67 of stunnel. ### Version 5.67, 2022.11.01, urgency: HIGH * Security bugfixes - OpenSSL DLLs updated to version 3.0.7. * New features - Provided a logging callback to custom engines. * Bugfixes - Fixed "make cert" with OpenSSL older than 3.0. - Fixed the code and the documentation to use conscious language for SNI servers (thx to Clemens Lang). Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: 3086939ee6407516c59b0ba3fbf555338f9d52f459bcab6337c0f00e91ea8456 stunnel-5.67.tar.gz a6bdc2a735eb34465d10e3c7e61f32d679ba29a68de8ea8034db79c0c8b328a3 stunnel-5.67-win64-installer.exe 893f53d6647900eb34041be8f21a21c052a31de3fb393a97627021a1ef2752f5 stunnel-5.67-android.zip Best regards, Mike OpenPGP_signature Description: OpenPGP digital signature
stunnel 5.66 released
Dear Users, I have released version 5.66 of stunnel. ### Version 5.66, 2022.09.11, urgency: MEDIUM * New features - OpenSSL 3.0 FIPS Provider support for Windows. * Bugfixes - Fixed building on machines without pkg-config. - Added the missing "environ" declaration for BSD-based operating systems. - Fixed the passphrase dialog with OpenSSL 3.0. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: 558178704d1aa5f6883aac6cc5d6bbf2a5714c8a0d2e91da0392468cee9f579c stunnel-5.66.tar.gz 5fccb2e4db0d2e3c1adb26c3906585ac545baf88226f4f539b2dc43fe418a3ef stunnel-5.66-win64-installer.exe 3b1e30e060e16f6aa9a8ad1b1a6ba1210c165bf76bd01e4734cb4537e0717c09 stunnel-5.66-android.zip Best regards, Mike OpenPGP_signature Description: OpenPGP digital signature
stunnel 5.65 released
Dear Users, I have released version 5.65 of stunnel. On Windows, this release fixes a high severity OpenSSL vulnerability: https://www.openssl.org/news/secadv/20220705.txt ### Version 5.65, 2022.07.17, urgency: HIGH * Security bugfixes - OpenSSL DLLs updated to version 3.0.5. * Bugfixes - Fixed handling globally enabled FIPS. - Fixed openssl.cnf processing in WIN32 GUI. - Fixed a number of compiler warnings. - Fixed tests on older versions of OpenSSL. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: 60c500063bd1feff2877f5726e38278c086f96c178f03f09d264a2012d6bf7fc stunnel-5.65.tar.gz ca88e65888102f7526cab4edad7b30e8d1e82d428c34d5b5f00513dff9ed2288 stunnel-5.65-win64-installer.exe 9dadaa8622e1c1955728cbd8d49e1a6b5eae77bfa5340f7a1f82451121aee740 stunnel-5.65-android.zip Best regards, Mike OpenPGP_signature Description: OpenPGP digital signature
stunnel 5.64 released
Dear Users, I have released version 5.64 of stunnel. This release only includes Windows fixes and improvements. ### Version 5.64, 2022.05.06, urgency: MEDIUM * Security bugfixes - OpenSSL DLLs updated to version 3.0.3. * New features - Updated the pkcs11 engine for Windows. * Bugfixes - Removed the SERVICE_INTERACTIVE_PROCESS flag in "stunnel -install". Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: eebe53ed116ba43b2e786762b0c2b91511e7b74857ad4765824e7199e6faf883 stunnel-5.64.tar.gz 600e76b52a86b21f97a1af13734fdd2226c26646bb77f5f9f074ba3d5755f024 stunnel-5.64-win64-installer.exe 391db6166b22a6648fd1f1df584c13ade61c93f620e46b12ebb30b643e61d2d3 stunnel-5.64-android.zip Best regards, Mike OpenPGP_signature Description: OpenPGP digital signature
stunnel 5.63 released
Dear Users, I have released version 5.63 of stunnel. ### Version 5.63, 2022.03.15, urgency: HIGH * Security bugfixes - OpenSSL DLLs updated to version 3.0.2. * New features - Updated stunnel.spec to support bash completion. * Bugfixes - Fixed a PRNG initialization crash (thx to Gleydson Soares). Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: c74c4e15144a3ae34b8b890bb31c909207301490bd1e51bfaaa5ffeb0a994617 stunnel-5.63.tar.gz 723f54c28073f17b1ac095a2ab9922735c69f73fba6144a5c68cc160dc673b10 stunnel-5.63-win64-installer.exe c77850c39dfb42f95d26d4f5830a261a95c3785d8c39bdd9f28764ba43ee1d7d stunnel-5.63-android.zip Best regards, Mike OpenPGP_signature Description: OpenPGP digital signature
stunnel 5.62 released
Dear Users, I have released version 5.62 of stunnel. ### Version 5.62, 2022.01.17, urgency: MEDIUM * New features - Added a bash completion script. * Bugfixes - Fixed a transfer() loop bug. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: 9cf5bb949022aa66c736c1326554cca27d0641605a6370274edc4951eb5bd339 stunnel-5.62.tar.gz fbfcc5759344bcafff9ff3bc6cf56c7fb75cb1244b76d4934c5d9a3eb7eee32d stunnel-5.62-win64-installer.exe 4b52ed6e4bb8293fdefb10ee8c271400a8c1749254a11b674ff690eae00b3c5e stunnel-5.62-android.zip Best regards, Mike OpenPGP_signature Description: OpenPGP digital signature
stunnel 5.61 released
Dear Users, I have released version 5.61 of stunnel. ### Version 5.61, 2021.12.22, urgency: LOW * New features sponsored by the University of Maryland - Added new "protocol = capwin" and "protocol = capwinctrl" configuration file options. * New features for the Windows platform - Added client mode allowing authenticated users to view logs, reconfigure and terminate running stunnel services. - Added support for multiple GUI and service instances distinguised by the location of stunnel.conf. - Improved log window scrolling. - Added a new 'Pause auto-scroll' GUI checkbox. - Double click on the icon tray replaced with single click. - OpenSSL DLLs updated to version 3.0.1. * Other new features - Rewritten the testing framework in python (thx to Peter Pentchev for inspiration and initial framework). - Added support for missing SSL_set_options() values. - Updated stunnel.spec to support RHEL8. * Bugfixes - Fixed OpenSSL 3.0 build. - Fixed reloading configuration with "systemctl reload stunnel.service". - Fixed incorrect messages logged for OpenSSL errors. - Fixed printing IPv6 socket option defaults on FreeBSD. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: 91ea0ca6482d8f7e7d971ee64ab4f86a2817d038a372f0893e28315ef2015d7a stunnel-5.61.tar.gz 19c5ff1f4101af1e69585328303c14249db2ec9063542101ca31edb6f6cc502f stunnel-5.61-win64-installer.exe 928ec94690564498bf523228946b2cdc90c7e346d6f0baf1f71b76cbe769b96c stunnel-5.61-android.zip Best regards, Mike OpenPGP_signature Description: OpenPGP digital signature
stunnel 60 released
Dear Users, I have released version 5.60 of stunnel. ### Version 5.60, 2021.08.16, urgency: LOW * New features - New 'sessionResume' service-level option to allow or disallow session resumption - Added support for the new SSL_set_options() values. - Download fresh ca-certs.pem for each new release. * Bugfixes - Fixed 'redirect' with 'protocol'. This combination is not supported by 'smtp', 'pop3' and 'imap' protocols. - Enforced minimum WIN32 log window size. - Fixed support for password-protected private keys with OpenSSL 3.0 (thx to Dmitry Belyavskiy). Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: c45d765b1521861fea9b03b425b9dd7d48b3055128c0aec673bba5ef9b8f787d stunnel-5.60.tar.gz 190b79cb94a4f70f362e44c32d150edf8ae660734d3fa0cbd990c3821e8f3083 stunnel-5.60-win64-installer.exe bac9bb4503cc5091d78c9deb6aa013fc07e39d67db0dfcc073b098db52f54427 stunnel-5.60-android.zip Best regards, Mike OpenPGP_signature Description: OpenPGP digital signature
stunnel 5.59 released
Dear Users, I have released version 5.59 of stunnel. ### Version 5.59, 2021.04.05, urgency: HIGH * Security bugfixes - OpenSSL DLLs updated to version 1.1.1k. * New features - Client-side "protocol = ldap" support (thx to Bart Dopheide and Seth Grover). * Bugfixes - The test suite fixed not to require external connectivity. - Fixed paths in generated manuals (thx to Tatsuki Makino). - Fixed configuration reload when compression is used. - Fixed compilation with early releases of OpenSSL 1.1.1. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: 137776df6be8f1701f1cd590b7779932e123479fb91e5192171c16798815ce9f stunnel-5.59.tar.gz c45fa3f70ecf0628d1f5985f2c11fedfc989bbc64db857def82ca7ee602fd8e0 stunnel-5.59-win64-installer.exe b56d91493631ff2b18e3e596fbb491892847f5671335c3f5e2307e174742ae44 stunnel-5.59-android.zip Best regards, Mike
stunnel 5.58 released
Dear Users, I have released version 5.58 of stunnel. This release fixes another security bug in the "redirect" option. ### Version 5.58, 2021.02.20, urgency: HIGH * Security bugfixes - The "redirect" option was fixed to properly handle unauthenticated requests (thx to Martin Stein). - Fixed a double free with OpenSSL older than 1.1.0 (thx to Petr Strukov). - OpenSSL DLLs updated to version 1.1.1j. * New features - New 'protocolHeader' service-level option to insert custom 'connect' protocol negotiation headers. This feature can be used to impersonate other software (e.g. web browsers). - 'protocolHost' can also be used to control the client SMTP protocol negotiation HELO/EHLO value. - Initial FIPS 3.0 support. * Bugfixes - X.509v3 extensions required by modern versions of OpenSSL are added to generated self-signed test certificates. - Fixed a tiny memory leak in configuration file reload error handling (thx to Richard Könning). - Merged Debian 05-typos.patch (thx to Peter Pentchev). - Merged with minor changes Debian 06-hup-separate.patch (thx to Peter Pentchev). - Merged Debian 07-imap-capabilities.patch (thx to Ansgar). - Merged Debian 08-addrconfig-workaround.patch (thx to Peter Pentchev). - Fixed tests on the WSL2 platform. - NSIS installer updated to version 3.06 to fix a multiuser installation bug on some platforms, including 64-bit XP. - Fixed engine initialization (thx to Petr Strukov). - FIPS TLS feature is reported when a provider or container is available, and not when FIPS control API is available. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: d4c14cc096577edca3f6a2a59c2f51869e35350b3988018ddf808c88e5973b79 stunnel-5.58.tar.gz 92055a006a0d178a25cc29ef681ae32d4cea3075c096abc893c92ba6285d6908 stunnel-5.58-win64-installer.exe 57c313ee8b42da42265b33fb91555a58c1f1b94f5e93a389c310e37a87f2013c stunnel-5.58-android.zip Best regards, Mike OpenPGP_signature Description: OpenPGP digital signature
stunnel 5.57 released
Dear Users, I have released version 5.57 of stunnel. This is a security release. Make sure to upgrade if you use the "redirect" option. ### Version 5.57, 2020.10.11, urgency: HIGH * Security bugfixes - The "redirect" option was fixed to properly handle "verifyChain = yes" (thx to Rob Hoes). - OpenSSL DLLs updated to version 1.1.1h. * New features - New securityLevel configuration file option. - FIPS support for RHEL-based distributions. - Support for modern PostgreSQL clients (thx to Bram Geron). - Windows tooltip texts updated to mention "stunnel". - TLS 1.3 configuration updated for better compatibility. * Bugfixes - Fixed a transfer() loop bug. - Fixed memory leaks on configuration reloading errors. - DH/ECDH initialization restored for client sections. - Delay startup with systemd until network is online. - bin\libssp-0.dll removed when uninstalling. - A number of testing framework fixes and improvements. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: af5ab973dde11807c38735b87bdd87563a47d2fa1c72a07929fcfce80a600fe1 stunnel-5.57.tar.gz 6bcabe757e72a26463b054e7bf14d661b3a6734b4fa60dced491de170008d78c stunnel-5.57-win64-installer.exe 8bae28d1376a70df69f5d47c41ebb95443934ac6efb058aaa9ae299a391c83e0 stunnel-5.57-android.zip Best regards, Mike signature.asc Description: OpenPGP digital signature
stunnel 5.56 released
Dear Users, I have released version 5.56 of stunnel. ### Version 5.56, 2019.11.22, urgency: HIGH * New features - Various text files converted to Markdown format. * Bugfixes - Support for realpath(3) implementations incompatible with POSIX.1-2008, such as 4.4BSD or Solaris. - Support for engines without PRNG seeding methods (thx to Petr Mikhalitsyn). - Retry unsuccessful port binding on configuration file reload. - Thread safety fixes in SSL_SESSION object handling. - Terminate clients on exit in the FORK threading model. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: 7384bfb356b9a89ddfee70b5ca494d187605bb516b4fff597e167f97e2236b22 stunnel-5.56.tar.gz e9d7dea3976219f0fc89cfb4f645f47b1291ebec8ce55cff46dbbfbb2e9b4084 stunnel-5.56-win64-installer.exe d8a5e359c7102b3c9619fca6b4ffbb39c16a9779dcecb426f204a7857cb33f67 stunnel-5.56-android.zip Best regards, Mike signature.asc Description: OpenPGP digital signature
stunnel 5.55 released
Dear Users, I have released version 5.55 of stunnel. This release addresses a number of important Windows issues, including security vulnerabilities. Version 5.55, 2019.06.10, urgency: HIGH * Security bugfixes - Fixed a Windows local privilege escalation vulnerability caused insecure OpenSSL cross-compilation defaults. Successful exploitation requires stunnel to be deployed as a Windows service, and user-writable C:\ folder. This vulnerability was discovered and reported by Rich Mirch. - OpenSSL DLLs updated to version 1.1.1c. * Bugfixes - Implemented a workaround for Windows hangs caused by its inability to the monitor the same socket descriptor from multiple threads. - Windows configuration (including cryptographic keys) is now completely removed at uninstall. - A number of testing framework fixes and improvements. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: 90de69f41c58342549e74c82503555a6426961b29af3ed92f878192727074c62 stunnel-5.55.tar.gz e586b68da9e4faedf41cbcc8378402d7b188bb25b1f0f3cd1f2ce68620ef9e29 stunnel-5.55-win64-installer.exe 7af80d424986149629aad7d75710400f58ba259042c58557adf743627b5c8e3c stunnel-5.55-android.zip Best regards, Mike signature.asc Description: OpenPGP digital signature
Re: [openssl-users] stunnel 5.46 released
On 05/31/2018 06:15 AM, Viktor Dukhovni wrote: > I expect there are still plenty of LTS RedHat systems that > ship without EC support, though yes anything reasonably > up to date, will have EC support. AFAIR EC cipher suites were introduced in OpenSSL 1.0.0, so those LTS systems must be using OpenSSL 0.9.x. In 2018 this is asking for trouble, and a clear evidence that they don't care about security... > Ultimately of course up to you and your users, I think I've > made my case as well as I could. Good luck. Indeed. Thank you. I highly appreciate your input. Defining an acceptable security margin for algorithms is tough, especially with QC predictions in mind... Best regards, Mike signature.asc Description: OpenPGP digital signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] stunnel 5.46 released
On 05/29/2018 01:48 AM, Viktor Dukhovni wrote: > I am rather puzzled as to why you chose to eliminate > not just fixed DH, but also the ephemeral finite-field > DH key exchange. What's wrong with the DHE ciphers? Mostly precomputation attacks: https://weakdh.org/logjam.html Those parameters are "ephemeral", but not really unique for each TLS session. They are also quite slow compared to their EC counterparts... > I would have chosen: > > HIGH:!aNULL:!kDH:!kECDH:!MD5 > > which excludes the *fixed* DH/ECDH ciphers and MD5 > (and thus also SSLv2). This does not eliminate > ephemeral finite-field DH, not sure why you're doing > that... Actually the only MD5 vulnerability is collisions. This may be a threat for some CAs that use predictable serial numbers, but there are no known risk for HMACs as used in TLS cipher suites. Also, excluding kECDH cipher suites sounds like a good idea indeed. Best regards, Mike -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] stunnel 5.44 released
Dear Users, I have released version 5.44 of stunnel. It is a bugfix release. I recommend updating to this version. Version 5.44, 2017.11.26, urgency: MEDIUM * New features - Signed Win32 executables, libraries, and installer. * Bugfixes - Default accept address restored to INADDR_ANY. - Fixed a race condition in "make check". - Fixed removing the pid file after configuration reload. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: 990a325dbb47d77d88772dd02fbbd27d91b1fea3ece76c9ff4461eca93f12299 stunnel-5.44.tar.gz 4099650ae7be17b81412a0d4caa91db19c8678c8d8d2975398814e583f4c51aa stunnel-5.44-win32-installer.exe 643365b53ee6f16f87a902c3df849209155e603f02f7a761fc2457c89e5ac243 stunnel-5.44-android.zip Best regards, Mike signature.asc Description: OpenPGP digital signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] stunnel 5.43 released
Dear Users, I have released version 5.43 of stunnel. Version 5.43, 2017.11.05, urgency: LOW * New features - OpenSSL DLLs updated to version 1.0.2m. - Android build updated to OpenSSL 1.1.0g. - Allow for multiple "accept" ports per section. - Self-test framework (make check). - Added config load before OpenSSL init (thx to Dmitrii Pichulin). - OpenSSL 1.1.0 support for Travis CI. - OpenSSL 1.1.1-dev compilation fixes. * Bugfixes - Fixed a memory fault on Solaris. - Fixed round-robin failover in the FORK threading model. - Fixed handling SSL_ERROR_ZERO_RETURN in SSL_shutdown(). - Minor fixes of the logging subsystem. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: 05915babf705a0494886a72a7367913d403d07fc908ebb7b380d639e2d8bcee2 stunnel-5.43.tar.gz 5249479d295f482ecac9cd3d5c89c0e5d41ae6ff8e265d4634ecfd8761834201 stunnel-5.43-win32-installer.exe e628fa7027d19bf4f0a62392f9dc042d97959498c292e13ebdf30c65a545dd6d stunnel-5.43-android.zip Best regards, Mike signature.asc Description: OpenPGP digital signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] stunnel 5.42 released
Dear Users, I have released version 5.42 of stunnel. Version 5.42, 2017.07.16, urgency: HIGH * New features - "redirect" also supports "exec" and not only "connect". - PKCS#11 engine DLL updated to version 0.4.7. * Bugfixes - Fixed premature cron thread initialization causing hangs. - Fixed "verifyPeer = yes" on OpenSSL <= 1.0.1. - Fixed pthreads support on OpenSolaris. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: 1b6a7aea5ca223990bc8bd621fb0846baa4278e1b3e00ff6eee279cb8e540fab stunnel-5.42.tar.gz f3d612b907e2562182c574353c11ce793a3957b88266d5ace0fa99a05d4325e8 stunnel-5.42-win32-installer.exe 9cac7f5b8a11f6d730253e7eb8550f0924af3010fef3149698b174617ee41ccf stunnel-5.42-android.zip Best regards, Mike signature.asc Description: OpenPGP digital signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] stunnel 5.41 released
Dear Users, I have released version 5.41 of stunnel. Version 5.41, 2017.04.01, urgency: MEDIUM * New features - PKCS#11 engine DLL updated to version 0.4.5. - Default engine UI set with ENGINE_CTRL_SET_USER_INTERFACE. - Key file name added into the passphrase console prompt. - Performance optimization in memory leak detection. * Bugfixes - Fixed crashes with the OpenSSL 1.1.0 branch. - Fixed certificate verification with "verifyPeer = yes" and "verifyChain = no" (the default), while the peer only returns a single certificate. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: f05c6321ee1f6ddebacc234ccf20825971941e831b5beea6d0ce0b8e1668148f stunnel-5.41.tar.gz f0e8aa9abf3cddae70d0c0596ab44f64f4e3964e299177b3adf4c63a5d0f960b stunnel-5.41-win32-installer.exe 218ec5714071901179139afbc4af846231ae32594765a4c06abaf05f05144e34 stunnel-5.41-android.zip Best regards, Mike signature.asc Description: OpenPGP digital signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] stunnel 5.40 released
Dear Users, I have released version 5.40 of stunnel. Version 5.40, 2017.01.28, urgency: HIGH * Security bugfixes - OpenSSL DLLs updated to version 1.0.2k. https://www.openssl.org/news/secadv/20170126.txt * New features - DH ciphersuites are now disabled by default. - The daily server DH parameter regeneration is only performed if DH ciphersuites are enabled in the configuration file. - "checkHost" and "checkEmail" were modified to require either "verifyChain" or "verifyPeer" (thx to Małorzata Olszówka). * Bugfixes - Fixed setting default ciphers. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: 23acdb390326ffd507d90f8984ecc90e0d9993f6bd6eac1d0a642456565c45ff stunnel-5.40.tar.gz c55548ffe073ddcea61ff938dbbbc66a7dce3be6f70c10ba578b33d18aa1f234 stunnel-5.40-win32-installer.exe c7c4bb78689d3111e362e3b1e859aa9293809b4720b814810b8cdd6963fc17b1 stunnel-5.40-android.zip Best regards, Mike signature.asc Description: OpenPGP digital signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] stunnel 5.39 released
Dear Users, I have released version 5.39 of stunnel. Version 5.39, 2017.01.01, urgency: LOW * New features - PKCS#11 engine (pkcs11.dll) added to the Win32 build. - Per-destination TLS session cache added for the client mode. - The new "logId" parameter "process" added to log PID values. - Added support for the new SSL_set_options() values. - Updated the manual page. - Obsolete references to "SSL" replaced with "TLS". * Bugfixes - Fixed "logId" parameter to also work in inetd mode. - "delay = yes" properly enforces "failover = prio". - Fixed fd_set allocation size on Win64. - Fixed reloading invalid configuration file on Win32. - Fixed resolving addresses with unconfigured network interfaces. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: 288c087a50465390d05508068ac76c8418a21fae7275febcc63f041ec5b04dee stunnel-5.39.tar.gz 2acacc912d87c4fc8506e70d00ac514526ee80d1996bdf0a56f00383e43a49a9 stunnel-5.39-win32-installer.exe 0a1a5e4c3c30067d9d07f27cd55a2f7d59359770ed751384e374a79cdae57913 stunnel-5.39-android.zip Best regards, Mike signature.asc Description: OpenPGP digital signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] stunnel 5.38 released
Dear Users, I have released version 5.38 of stunnel. Version 5.38, 2016.11.26, urgency: MEDIUM * New features - "sni=" can be used to prevent sending the SNI extension. - The AI_ADDRCONFIG resolver flag is used when available. - Merged Debian 06-lfs.patch (thx Peter Pentchev). * Bugfixes - Fixed a memory allocation bug causing crashes with OpenSSL 1.1.0. - Fixed error handling for mixed IPv4/IPv6 destinations. - Merged Debian 08-typos.patch (thx Peter Pentchev). Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: 09ada29ba1683ab1fd1f31d7bed8305127a0876537e836a40cb83851da034fd5 stunnel-5.38.tar.gz 8480dd90fbba19324f916267d38835e631b28ffd6b11f9526319c5e8399f4a2f stunnel-5.38-installer.exe 3d77a3becb6d123eaf3c9abba0ba8b96c1893bdad534710dc7094b5449cfc795 stunnel-5.38-android.zip Best regards, Mike signature.asc Description: OpenPGP digital signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] stunnel 5.37 released
Dear Users, I have released version 5.37 of stunnel. Version 5.37, 2016.11.06, urgency: MEDIUM * Bugfixes - OpenSSL DLLs updated to version 1.0.2j (stops crashes). - The default SNI target (not handled by any slave service) is handled by the master service rather than rejected. - Removed thread synchronization in the FORK threading model. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: d0e3530e3effc64fdec792c71791d4937c6b8bd3b9ea4895c6bb6526dcd0d241 stunnel-5.37.tar.gz b1015afdfc536312b9e3556483c9bfeefd9e29d6f483d305459033272adcf4ad stunnel-5.37-installer.exe 4bda9b0116676fec7533b3c1e40b9d24f0722e6317c59be4831c19102f4a925c stunnel-5.37-android.zip Best regards, Mike signature.asc Description: OpenPGP digital signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] stunnel 5.36 released
Dear Users, I have released version 5.36 of stunnel. Version 5.36, 2016.09.22, urgency: HIGH * Security bugfixes - OpenSSL DLLs updated to version 1.0.2i. https://www.openssl.org/news/secadv_20160922.txt * New features - Added support for OpenSSL 1.1.0 built with "no-deprecated". - Removed direct zlib dependency. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: eb8952fcfdfcdf5056a1f1a78e1ec5014b819c5f5f7599b924dc4490ffe4b5ea stunnel-5.36.tar.gz 0164a45812ee2292574f898b1526062c2fbeccbb9c4e679a120b16e3284d2b0e stunnel-5.36-installer.exe a82c3978e113ecc55caefa5f169f622048f6aa434e6620e78e5d88a1885a3d69 stunnel-5.36-android.zip Best regards, Mike signature.asc Description: OpenPGP digital signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] stunnel 5.35 released
Dear Users, I have released version 5.35 of stunnel. The ChangeLog entry: Version 5.35, 2016.07.18, urgency: HIGH * Bugfixes - Fixed incorrectly enforced client certificate requests. - Only default to SO_EXCLUSIVEADDRUSE on Vista and later. - Fixed thread safety of the configuration file reopening. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: ffa386ae4c825f35f35157c285e7402a6d58779ad8c3822f74a9d355b54aba1d stunnel-5.35.tar.gz 36e70e109d0283cd55c416eb261234f4c1b165409e1805df369bc774551f965c stunnel-5.35-installer.exe e671a4716fd36bde67850cdb5d17f54ee32b6afec9ad4ea6825d00f72a741cc5 stunnel-5.35-android.zip Best regards, Mike signature.asc Description: OpenPGP digital signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] stunnel 5.35 released
Dear Users, I have released version 5.35 of stunnel. The ChangeLog entry: Version 5.35, 2016.07.18, urgency: HIGH * Bugfixes - Fixed incorrectly enforced client certificate requests. - Only default to SO_EXCLUSIVEADDRUSE on Vista and later. - Fixed thread safety of the configuration file reopening. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: ffa386ae4c825f35f35157c285e7402a6d58779ad8c3822f74a9d355b54aba1d stunnel-5.35.tar.gz 36e70e109d0283cd55c416eb261234f4c1b165409e1805df369bc774551f965c stunnel-5.35-installer.exe e671a4716fd36bde67850cdb5d17f54ee32b6afec9ad4ea6825d00f72a741cc5 stunnel-5.35-android.zip Best regards, Mike signature.asc Description: OpenPGP digital signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] stunnel 5.34 released
Dear Users, I have released version 5.34 of stunnel. This release includes a major security bugfix. The ChangeLog entry: Version 5.34, 2016.07.05, urgency: HIGH * Security bugfixes - Fixed malfunctioning "verify = 4". * New features - Bind sockets with SO_EXCLUSIVEADDRUSE on WIN32. - Added three new service-level options: requireCert, verifyChain, and verifyPeer for fine-grained certificate verification control. - Improved compatibility with the current OpenSSL 1.1.0-dev tree. Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: 78668a84a5a01188dddfcecb37d8c69a4c725dc3b476fbbd294e86741a55 stunnel-5.34.tar.gz abddf49a02e810bf618884f6ac8fde2c1e59bda73c65c4fd9a82b724524b4d9f stunnel-5.34-installer.exe 6ae4aa536b9083da69b5e8905c85f4655db9ebfc95b79c8a67adbf309181c10d stunnel-5.34-android.zip Best regards, Mike signature.asc Description: OpenPGP digital signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] stunnel 5.33 released
Dear Users, I have released version 5.33 of stunnel. This release fixes a memory leak. Upgrade is highly recommended. The ChangeLog entry: Version 5.33, 2016.06.23, urgency: HIGH * New features - Improved memory leak detection performance and accuracy. - Improved compatibility with the current OpenSSL 1.1.0-dev tree. - SNI support also enabled on OpenSSL 0.9.8f and later (thx to Guillermo Rodriguez Garcia). - Added support for PKCS #12 (.p12/.pfx) certificates (thx to Dmitry Bakshaev). * Bugfixes - Fixed a TLS session caching memory leak (thx to Richard Kraemer). Before stunnel 5.27 this leak only emerged with sessiond enabled. - Yet another WinCE socket fix (thx to Richard Kraemer). - Fixed passphrase/pin dialogs in tstunnel.exe. - Fixed a FORK threading build regression bug. - OPENSSL_NO_DH compilation fix (thx to Brian Lin). Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: 7f54636d1e00864fd4d6bdda0bef60b8aaf24350cf02f89dfd2ac7967c052c73 stunnel-5.33.tar.gz facd42d19b78e3b4c3a8fb207577c5ba142a5d98ccbc7c0fd3c44b49f65b2235 stunnel-5.33-installer.exe 82fa7e723d7e226a797626dd43d5eb08ee2298b11ae9c1a7589ee9e121e6edfa stunnel-5.33-android.zip Best regards, Mike signature.asc Description: OpenPGP digital signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] stunnel 5.32 released
Dear Users, I have released version 5.32 of stunnel. The ChangeLog entry: Version 5.32, 2016.05.03, urgency: HIGH * Security bugfixes - OpenSSL DLLs updated to version 1.0.2h. https://www.openssl.org/news/secadv_20160503.txt * New features - New "socket = a:IPV6_V6ONLY=yes" option to only bind IPv6. - Memory leak detection. - Improved compatibility with the current OpenSSL 1.1.0-dev tree. - Added/fixed Red Hat scripts (thx to Andrew Colin Kissa). * Bugfixes - Workaround for a WinCE sockets quirk (thx to Richard Kraemer). - Fixed data alignment on 64-bit MSVC (thx to Yuris W. Auzins). Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: 0ee64774d7a720f3ffd129b08557ee0882704c7f65b859c40e315a175b68a6fd stunnel-5.32.tar.gz 6e79f3e6f811f4efdbac65c2ce475db93aa4033e71e93a8bbc5c5a08036f932a stunnel-5.32-installer.exe bdb15e548c7985b01cadb21939d71f450aa044dcd955b97648821298ac1eeea1 stunnel-5.32-android.zip Best regards, Mike signature.asc Description: OpenPGP digital signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] SSL_COMP
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 12.01.2016 20:18, Viktor Dukhovni wrote: >> On Jan 12, 2016, at 4:05 AM, Michal Trojnara >>wrote: I guess openssl/ssl.h should >> be modified to include: typedef struct ssl_comp_st SSL_COMP; >> DEFINE_STACK_OF(SSL_COMP) > > Try a more recent git commit. This should be fixed now. It works. Thank you. Best regards, Mike -BEGIN PGP SIGNATURE- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJWlVdRAAoJEC78f/DUFuAUbfIQAMrWPpm37y3/qajjOmvN+ZX4 uke0FFWyMY94DrsSFcL6GjdLa6T1/LvuyDELVn+lujPlMMGq8zApSyQ5Qnsz3Vbq oosKVga1jpCgJasx8aas4kk6faiggNrk+THjIC5GZtMlqLN/o/cC5SDQgYKQ0UBA PZRaywTbS37Sdu8gldu0mL46SqGhwyeUV/dNeAvKiB1Bimb4HZMYM3cqs6dabBfr pw7ymJIa99rSKx4DureWZ+vIrtHyfFm34QT9JB0A+3qqj8m0B8DG71ljsUSbAu7p YIz1QJ3Aj1qOqWC76JEVtw/754/YKOnWFtapt1A09C9Cxo3DxFFHEwhmiJYHjPu/ 0WZbnw91PU9KjEqJ+f6ELxyTT315WjxT2pypgDKw/E1EIetQoaOGukMW1UnTTVJY UKSsotkNoDT5mrFcfW355KorvXmguKcd3rKT+6gC6zW0CO1pGmCunyp9hSm7K5l1 +pb1cRNDGYIn6jDPJuqCameTFsYx2YGYYGK41k6Bu9kyF8xzWnys26U+aIs4Ib6k IXToIjDF52gVGS1UQYrz08QsVV3XnI47Q/+FIOlY9oOEMHISQvytIJp7kVaUNZ1Z 0g6g7xEQgn53LMai45htTkzR4Sv15rQDYvXr6IU9KmiCKWUhVmJVa1hTaVAeO8ZX 6i+qE6WzyHUC8qLnuoaL =4EYu -END PGP SIGNATURE- ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] stunnel 5.29 released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Dear Users, I have released version 5.29 of stunnel. The ChangeLog entry: Version 5.29, 2016.01.08, urgency: LOW * New features - New WIN32 icons. - Performance improvement: rwlocks used for locking with pthreads. * Bugfixes - Compilation fix for *BSD. - Fixed configuration file reload for relative stunnel.conf path on Unix. - Fixed ignoring CRLfile unless CAfile was also specified (thx to Strukov Petr). Home page: https://www.stunnel.org/ Download: https://www.stunnel.org/downloads.html SHA-256 hashes: 43909625403ea634fa7cb8399d58faf8e7f11c1b7b29097491469951f56df551 stunnel-5.29.tar.gz c92ccc98cc9eb0c5d95d9550af39ab502e7ea45ed4d9ccc821aa261856f958b1 stunnel-5.29-installer.exe f9db8676e8e2ec6db355bae41eb625eb8ebd45a836ad8cbf06ce60a3c305fde2 stunnel-5.29-android.zip Best regards, Mike -BEGIN PGP SIGNATURE- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJWkFGaAAoJEC78f/DUFuAUGocQAMgblKTHppSpRurlkCZtjNDh p/M7IqxzfqCczIUuG1zdPVyk7lcW3jhFHXsfjTcch56YH6FtMcezUv8Wa8LojNjY iY1uSbWyAmdsV5ye+Z4SWybwOfS53i5IK9Fnb3UE1CmcETxsI56AWzVLG0w8jsGH HwRB3+J/aVS+VqOeNO4VW53yzvT73k3tvPDAKu7NFRrmhvJ9vk7BkgL/WJ/1oK5D 480eLHoT0phe/Xl2cMaOJDXBnU0dAfDieM5IWwL+jAqWhsEeTgK8n92FbAqFB6T6 GkhJGfgc0olSlQkCo7Iz3Q8mh65NpEYNoZGIT2VelalXOM2lyeL4vuwfbGiomalW N3Mt1xNXuneX77E0rOM2rlnzoaG9FulcDHp/Ie9plOyO6OyimFMKU1Xg9lJSCU2B iTu6F0FvptduPU3e6rE1FSxMII0lzMo6oDHFggK5YlitJJKPOoGLfW2T4SjYlsmw BirrEO9j/OvOqLT5ovMCJUVLXZrrjKkoCQoZI7p8r1rPJlsdC4QeRb0p9wJAGdAJ pS3w1HEgcXMUf/xS130nM2euftu0Td3Qi1tqXnDgtbSkwEN1T0tP3xiD1D++BzMf TzMivlWyerjOEuBMCRwcKMsrIr8+seSdLzUIISJ8EwCGWUq0p1l4KXYs5EofNJKI gIZdYXEX46WlR+dl7aZC =IchS -END PGP SIGNATURE- ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: problems
Kelly Phinney wrote: I downloaded OPENSSL because I was getting an error message: stunnel-4.10.exe-ordinal not found I am not getting that message anymore but now I am getting this message upon startup: stunnel-4.10.exe.-application error the application failed to initialize properly (0xc0150002). click to terminate the application. Do you know how I can fix this?? What about upgrading your stunnel? Version 4.10 is over 3 years old. http://stunnel.mirt.net/ Best regards, Mike __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
stunnel 4.24 released
Dear Users, I have just released a new version of stunnel, which fixes a security issue in the OCSP functionality. The bug allows a revoked certificate to successfully authenticate. Any installations with OCSP enabled should be upgraded ASAP. Other users are not affected. Home page/download: http://stunnel.mirt.net/ sha1sum for stunnel-4.24.tar.gz file: ec6db4080199d11e020b780da0f1cc37d37d9233 Best regards, Mike __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
stunnel 4.22 released (Black Hat Europe edition)
Dear Users, I have just released a new version of stunnel. This is mostly a bugfix release and I recommend to schedule an upgrade. Please find below the ChangeLog entry: Version 4.22, 2008.03.28, urgency: MEDIUM: * New features - Makefile was updated to use standard autoconf variables: sysconfdir, localstatedir and pkglibdir. - A new global option to control logging to syslog: syslog = yes|no Simultaneous logging to a file and the syslog is now possible. - A new service level option to control stack size: stack = number of bytes * Bugfixes - Restored chroot() to be executed after decoding numerical userid and groupid values in drop_privileges(). - A few bugs fixed the in the new libwrap support code. - TLSv1 method used by default in FIPS mode instead of SSLv3 client and SSLv23 server methods. - OpenSSL GPL license exception update based on http://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs Home page/download: http://stunnel.mirt.net/ sha1sum for stunnel-4.22.tar.gz file: 452d0068bcae39afe7401216153986f3af810e37 Best regards, Mike __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]