Opened 9 years ago
Closed 9 years ago
#6411 closed enhancement (fixed)
stunnel-5.15
Reported by: | Fernando de Oliveira | Owned by: | Fernando de Oliveira |
---|---|---|---|
Priority: | normal | Milestone: | 7.8 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: |
Description
Notice that URL is different from the book and probably better.
https://www.stunnel.org/downloads/stunnel-5.15.tar.gz
https://www.stunnel.org/downloads/stunnel-5.15.tar.gz.asc
https://www.stunnel.org/downloads/stunnel-5.15.tar.gz.sha256
58ff4645eb5d6bd64e6ddedaa683534302f75625c531e8a6364badcac0541cba
https://www.stunnel.org/sdf_ChangeLog.html
Version 5.15, 2015.04.16, urgency: LOW: • New features ◦ Added new service-level options "checkHost", "checkEmail" and "checkIP" for additional checks of the peer certificate subject. These options require OpenSSL version 1.0.2 or higher. ◦ Win32 binary distribution now ships with the Mozilla root CA bundle. This bundle is intended be used together with the new "checkHost" option to validate server certs accepted by Mozilla. ◦ New commandline options "-reload" to reload the configuration file and "-reopen" to reopen the log file of stunnel running as a Windows service (thx to Marc McLaughlin). ◦ Added session persistence based on negotiated TLS sessions. https://en.wikipedia.org/wiki/Load_balancing_%28computing%29#Persistence The current implementation does not support external TLS session caching with sessiond. ◦ MEDIUM ciphers (currently SEED and RC4) are removed from the default cipher list. ◦ The "redirect" option was improved to not only redirect sessions established with an untrusted certificate, but also sessions established without a client certificate. ◦ OpenSSL version checking modified to distinguish FIPS and non-FIPS builds. ◦ Improved compatibility with the current OpenSSL 1.1.0-dev tree. ◦ Removed support for OpenSSL versions older than 0.9.7. The final update for the OpenSSL 0.9.6 branch was 17 Mar 2004. ◦ "sessiond" support improved to also work in OpenSSL 0.9.7. ◦ Randomize the initial value of the round-robin counter. ◦ New stunnel.conf templates are provided for Windows and Unix. • Bugfixes ◦ Fixed compilation against old versions of OpenSSL. ◦ Fixed memory leaks in certificate verification.
Change History (2)
comment:1 by , 9 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 9 years ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
Fixed at r15846.