Release Notes: FIPS-compliant OpenSSL DLLs are supplied with the Windows installer. FIPS mode can be disabled with the "fips = no" configuration file option. The stability of the Windows GUI was also improved.
Release Notes: This release adds Unix socket support (e.g., "connect = /var/run/stunnel/socket") and a new certificate verification mode ("verify = 4") to ignore the CA chain and only verify the peer certificate. It also includes some performance and scalability optimizations, and compilation bugfixes.
Release Notes: New "protocol = proxy" support was added to send the original client IP address to haproxy. This requires the accept-proxy bind option of haproxy 1.5-dev3 or later. A number of minor improvements and bugfixes were added, mostly related to Win32 GUI and compilation issues on various platforms.
Release Notes: Bugs in the new SNI and memory management code were fixed. Buffer overflow protection was implemented for heap allocations, and gcc buffer overflow protection was enabled for stack allocations.
Release Notes: Win32 OpenSSL DLLs were updated to version 1.0.0e. This version fixes Win32 configuration file reload. FORK and UCONTEXT threading models were corrected and thoroughly tested. Major performance optimization was performed on the logging subsystem.
Release Notes: This release fixes a Windows service crash of stunnel 4.40.
Release Notes: A Win32 GUI menu was added to save cached peer certificate chains. The Win32 "-exit" commandline option was added to stop stunnel when it is not running as a service. File version information was added to stunnel.exe. 2048-bit DH hardcoded parameters are used as a fallback if DH parameters are not provided in stunnel.pem. The default "ciphers" value was updated to prefer ECDH. The default ECDH curve was updated to "prime256v1". Support for temporary RSA keys (used in obsolete export ciphers) was removed.
Release Notes: A new Windows installer module was added to build a self-signed stunnel.pem. Configuration file editing and log file reopening were added to the Windows GUI. Configuration file reloading with the Windows GUI was improved.
Release Notes: Server Name Indication (SNI) TLS extension support was implemented for name-based virtual servers. Stunnel can now switch service section on the fly, based on the destination host name included in the Client Hello message. Numerous fixes were also added for bugs introduced in previous, experimental versions.
Release Notes: Win32 OpenSSL DLLs were updated to version 1.0.0d. Dynamic memory was introduced for management of string manipulation in order to prevent a static STRLEN limit and to lower stack footprint. Strict public key comparison was added for "verify = 3" certificate checking mode. Backlog parameter of listen(2) was changed from 5 to SOMAXCONN to improve behavior on heavy load. A number of bugs were fixed, including a memory leak and some Mac OS X compatibility fixes.