On 23 Jul 2022 at 12:23, Jonathan Billings wrote: From: Jonathan Billings <billings@xxxxxxxxxx> Subject: Re: Question on Openssl and stunnel?? To: Community support for Fedora users <users@xxxxxxxxxxxxxxxxxxxxxxx> Date sent: Sat, 23 Jul 2022 12:23:48 -0400 Send reply to: Community support for Fedora users <users@xxxxxxxxxxxxxxxxxxxxxxx> > > > > On Jul 23, 2022, at 09:29, Michael D. Setzer II via users > <users@xxxxxxxxxxxxxxxxxxxxxxx> wrote: > > > > Saw that Stunnel was updated, but Fedora repo has not > updated it since issues seem to be windows related. > > If you need a newer version, file a bug in bugzilla: Question is: How would I know if I need or would benefit from a newer version. Don't know if difference are criticle or not. Does the < Compiled with OpenSSL 1.1.1l FIPS 24 Aug 2021 < Running with OpenSSL 1.1.1q FIPS 5 Jul 2022 versus > Compiled/running with OpenSSL 1.1.1q FIPS 5 Jul 2022 Make a difference, or are both running with the just released verion q regardless of what they were compiled with?? Then difference in Threading? Redhat doesn't include the SYSTEMD?? < Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI --- > Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI Then the difference with ciphers settings. < ciphers = PROFILE=SYSTEM (with "fips = no") --- > ciphers = HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK (with "fips = no") Not an expert on the openssl or all the options. Had contacted the person from package that handles stunnel in repo. Said that updates were mostly windows related, so they would be sticking with 5.62 version as they had opted to skip the 5.63 and 5.64 updates. Then the openssl update to q came out. Perhaps the Running version makes the Compiled with meaningless, but then why does it report Compiled with? Again. Thanks for the quick reply.. > > https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSI > GNED&classification=Fedora&component=stunnel&product=Fedora&prod > uct=Fedora%20EPEL > > The difference you see are due to patches in the Fedora package that fix > some bugs and point it to use the configured ssl ciphers rather than > hard-coded in the build. > > See here: > > https://src.fedoraproject.org/rpms/stunnel/tree/rawhide > > -- > Jonathan Billings +------------------------------------------------------------+ Michael D. Setzer II - Computer Science Instructor (Retired) mailto:mikes@xxxxxxxx mailto:msetzerii@xxxxxxxxx Guam - Where America's Day Begins G4L Disk Imaging Project maintainer http://sourceforge.net/projects/g4l/ +------------------------------------------------------------+ _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
