November 28th, 2011
· FIPS-compliant OpenSSL DLLs are supplied with the Windows installer.
· FIPS mode can be disabled with the "fips = no" configuration file option.
· The stability of the Windows GUI was also improved.
November 8th, 2011
· This version adds Unix socket support (e.g., "connect = /var/run/stunnel/socket") and a new certificate verification mode ("verify = 4") to ignore the CA chain and only verify the peer certificate.
· It also includes some performance and scalability optimizations, and compilation bugfixes.
October 25th, 2011
· New "protocol = proxy" support was added to send the original client IP address to haproxy.
· This requires the accept-proxy bind option of haproxy 1.5-dev3 or later.
· A number of minor improvements and bugfixes were added, mostly related to Win32 GUI and compilation issues on various platforms.
July 7th, 2011
· A new Windows installer module was added to build a self-signed stunnel.pem.
· Configuration file editing and log file reopening were added to the Windows GUI.
· Configuration file reloading with the Windows GUI was improved.
June 29th, 2011
· Server Name Indication (SNI) TLS extension support was implemented for name-based virtual servers.
· Stunnel can now switch service section on the fly, based on the destination host name included in the Client Hello message.
· Numerous fixes were also added for bugs introduced in previous, experimental versions.
February 8th, 2011
New features:
· Updated Win32 DLLs for OpenSSL 1.0.0c.
· Transparent source (non-local bind) added for FreeBSD 8.x.
· Transparent destination ("transparent = destination") added for Linux.
· Fixed reload of FIPS-enabled stunnel.
· Compiler options are now auto-detected by ./configure script in order to support obsolete versions of gcc.
· Async-signal-unsafe s_log() removed from SIGTERM/SIGQUIT/SIGINT handler.
· CLOEXEC file descriptor leaks fixed on Linux >= 2.6.28 with glibc >= 2.10. Irreparable race condition leaks remain on other Unix platforms. This issue may have security implications on some deployments.
· Directory lib64 included in the OpenSSL library search path.
· Windows CE compilation fixes (thx to Pierre Delaage).
· Deprecated RSA_generate_key() replaced with RSA_generate_key_ex().
Domain name changes (courtesy of Bri Hatch):
· http://stunnel.mirt.net/ --> http://www.stunnel.org/
· ftp://stunnel.mirt.net/ --> http://ftp.stunnel.org/
· stunnel.mirt.net::stunnel --> rsync.stunnel.org::stunnel
· firstname.lastname@example.org --> email@example.com
March 24th, 2010
New features:
· Win32 DLLs for OpenSSL 0.9.8m.
· Fixed a transfer() loop issue with SSLv2 connections.
· Fixed a "setsockopt IP_TRANSPARENT" warning with "local" option.
· Logging subsystem bugfixes and cleanup.
· Installer bugfixes for Vista and later versions of Windows.
· FIPS mode can be enabled/disabled at runtime.
September 21st, 2008
· Win32 DLLs have been updated to OpenSSL 0.9.8i.
· /etc/hosts.allow and /etc/hosts.deny no longer need to be copied to the chrooted directory, as the libwrap processes are no longer chrooted.
· A more informative error message is logged when an invalid port number is specified in the stunnel.conf file.
· Support for Microsoft Visual C++ 9.0 Express Edition was added.
· All libwrap processes are killed at stunnel shutdown.
· A minor bug in the stunnel.init sample SysV startup file was fixed.