Systemd socket activation (thx to Mark Theunissen). New features: Asynchronous communication with the GUI thread for faster logging on Win32. Fixed compilation against old versions of OpenSSL. Fixed memory leaks in certificate verification. New nf templates are provided for Windows and Unix. Randomize the initial value of the round-robin counter. "sessiond" support improved to also work in OpenSSL 0.9.7.
The final update for the OpenSSL 0.9.6 branch was. Removed support for OpenSSL versions older than 0.9.7. Improved compatibility with the current OpenSSL 1.1.0-dev tree. OpenSSL version checking modified to distinguish FIPS and non-FIPS builds.
The "redirect" option was improved to not only redirect sessions established with an untrusted certificate, but also sessions established without a client certificate. MEDIUM ciphers (currently SEED and RC4) are removed from the default cipher list. The current implementation does not support external TLS session caching with sessiond. New commandline options "-reload" to reload the configuration file and "-reopen" to reopen the log file of stunnel running as a Windows service (thx to Marc McLaughlin). Added session persistence based on negotiated TLS sessions. This bundle is intended to be used together with the new "checkHost" option to validate server certs accepted by Mozilla. Win32 binary distribution now ships with the Mozilla root CA bundle. These options require OpenSSL version 1.0.2 or higher. New features: Added new service-level options "checkHost", "checkEmail" and "checkIP" for additional checks of the peer certificate subject.
LSB compatibility fixes added to the stunnel.init script (thx to Peter Pentchev). Fixed the manual page headers (thx to Gleydson Soares).
Generated temporary DH parameters are used for configuration reload instead of the static defaults. This bug was found to surface on Win32, but other platforms may also be affected. Fixed removing the disabled taskbar icon. Signal pipe reinitialization added to prevent turning the main accepting thread into a busy wait loop when an external condition breaks the signal pipe. Optional debugging symbols are included in the Win32 installer. Documentation updates. Warnings about insecure authentication were modified to include the name of the affected service section. A warning was added to stunnel.init if no pid file was specified in the configuration file (thx to Peter Pentchev). The SSL library detection algorithm was made a bit smarter. Xcode SDK is automatically used on MacOS X if no other locally installed OpenSSL directory is found.
poll(2) re-enabled on MacOS X 10.5 and later.
Compilation for OpenSSL version older than 1.0.0. Inactive ports were removed from the PORTS file. Added IPv6 support to the transparent proxy code. The ca-certs.pem file is now updated on stunnel upgrade. Win32 desktop is automatically refreshed when the icon is created or removed. Stunnel.cnf was renamed to openssl.cnf in order to prevent users from mixing it up with nf.
This feature does not deploy the NT service, but it also does not require administrative privileges to install and configure stunnel. The installer script provides automatic migration for common setups. Added Win32 installer option to install stunnel for the current user only. Reject SOCKS requests to connect loopback addresses. New features: Client-side support for the SOCKS protocol.