HFS including SSl tools

[Fysack]

SilentPliz.. i thought you was dead..? so you have tventyOfour reply. That is something. Its just what i predicted brother. hehe. YOU are stuck with me for life 

..superlol

i remember in the ooooooooold days (super super oooooold days) (i dont even think i was born) i was a serm of cour,, no,, wait amin.., ahh..)) fuck it..

I got something new to say.. shit i forgot.. im gonna piss.. (00:18)

*back* 24

whre was i

ok, take it later bro

[SilentPliz]

11-05-2015     HFS 2.3e SSL 293f is online.

News:
-  Stable release
-  Stunnel 5.17 Compiled/running with OpenSSL 1.0.2a-fips

For users of a previous BUILD, update Stunnel with the "S" button

HFS 2.3e SSL #293f  :
http://silentpliz.perso.sfr.fr/hfs/hfs.293f.exe

Sources :
http://silentpliz.perso.sfr.fr/hfs/Sources_hfs/HFS_2.3e_SSL_293f-src.zip

[bmartino1]

11-05-2015     HFS 2.3e SSL 293f is online.

News:
-  Stable release
-  Stunnel 5.17 Compiled/running with OpenSSL 1.0.2a-fips

For users of a previous BUILD, update Stunnel with the "S" button

HFS 2.3e SSL #293f  :
http://silentpliz.perso.sfr.fr/hfs/hfs.293f.exe

Sources :
http://silentpliz.perso.sfr.fr/hfs/Sources_hfs/HFS_2.3e_SSL_293f-src.zip

Its a bit late to recommend this, but i can't help but post that when creating this post, it should have been only you post for the program silent Plz, with a link under to a "report problems forum post"... that way it would get so big going on "12 pages!)

Thank you for the hard work on this!

[1337GamingNinja]

I'm surprised that in my many years of using HFS I hadn't seen this thread. I personally already use STunnel with a CA provided SSL certificate to secure my server. I don't know if you have cipher settings set in STunnel but if you want to increase security (by disallowing less secure methods) I would suggest adding the following line to your stunnel.conf:

Code: [Select]

; Set Specific Ciphers
ciphers = ECDH+AESGCM:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:AES128-GCM-SHA256:!NULL:!eNULL:!aNULL:!DSS:!RC4:!DES:!3DES:-MEDIUM:-LOW

That will also make Google Chrome stop telling you that the connection is encrypted using obsolete cryptography.

[SilentPliz]

Thank you, I watch it whenever I can.

[bmartino1]

wel, its that time again... a new security path to open ssl:

--------------------
Original release date: June 12, 2015

OpenSSL has released updates addressing multiple vulnerabilities, one of which allows a remote attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography—an attack known as Logjam (CVE-2015-4000). Exploitation of some of these vulnerabilities could allow the attacker to read and modify data passed over the connection.

Updates available include:
•OpenSSL 1.0.2b for 1.0.2 users
•OpenSSL 1.0.1n for 1.0.1 users
•OpenSSL 1.0.0s for 1.0.0d (and below) users
•OpenSSL 0.9.8zg for 0.9.8r (and below) users

Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary updates.

OpenSSL Security Advisory: https://www.openssl.org/news/secadv_20150611.txt
updates: http://www.openssl.org/news/

https://opendec.wordpress.com/tag/openssl/

[SilentPliz]

15-06-2015     HFS 2.3e SSL 293g is online.

News:
-  Stable release
-  Stunnel 5.18 Compiled/running with OpenSSL 1.0.2b-fips 11 Jun 2015
-  Ciphers parameter (button C)

For users of a previous BUILD, update Stunnel with the "S" button

[SilentPliz]

17-06-2015     HFS 2.3e SSL 293h is online.

News:
-  Stable release
-  Stunnel 5.18 Compiled/running with OpenSSL 1.0.2b-fips 11 Jun 2015
-  Ciphers parameter (button C)

For users of a previous BUILD, update Stunnel with the "S" button

[bmartino1]

15-06-2015     HFS 2.3e SSL 293g is online.

News:
-  Stable release
-  Stunnel 5.18 Compiled/running with OpenSSL 1.0.2b-fips 11 Jun 2015
-  Ciphers parameter (button C)

For users of a previous BUILD, update Stunnel with the "S" button

17-06-2015     HFS 2.3e SSL 293h is online.

News:
-  Stable release
-  Stunnel 5.18 Compiled/running with OpenSSL 1.0.2b-fips 11 Jun 2015
-  Ciphers parameter (button C)

For users of a previous BUILD, update Stunnel with the "S" button

openssl version in this HFS:
1.0.2b-fips

I don't think i t matters to much, but openssl is using a"c" versions to fix minor bugs
OpenSSL 1.0.2c is now available, including bug fixes
https://www.openssl.org/news/

What i'm getting at is that i see no difference in the last two posts of files...

I assume it was a bug fix...

[SilentPliz]

19-06-2015     HFS 2.3e SSL 293i is online.

News:
-  Stable release
-  Stunnel 5.19 Compiled/running with OpenSSL 1.0.2c-fips 11 Jun 2015

For users of a previous BUILD, update Stunnel with the "S" button

[SilentPliz]

@bmartino


Hi!

I don't compile Stunnel myself ... so I have to wait every time the latest official release of Stunnel that includes the updates for OpenSSL.
Generally they are very reactive (one or two days after the release of OpenSSL).
This was the case between the publication of Stunnel 5.18 and 5.19.

The difference between the releases "293g" and "293h" I posted is in the default settings for ciphers that I had "forgotten" in the "293g". 

"The 293i" is up to date for OpenSSL.

[ataxy]

thank you for this mod of hsf, do you intend on updating it to the 2.3g version of hsf?

[bmartino1]

well, its that time again

Just thought i would post the new USCERT info

https://www.us-cert.gov/ncas/current-activity/2016/01/14/OpenSSH-Client-Vulnerability

https://www.kb.cert.org/vuls/id/456088
------------------------------------------------------------
I believe this is unaffected to this as the protocol sslv2 is disabled and the stunel in the current build is using tls protocol..., but for your information only:
as of marchMarch 1st, another vulnerability in open ssh, the solution is not to use ssl , the tool here has it disabled by default, but there was another vulnerability in ssl v2 that they found:
https://www.openssl.org/news/secadv/20160301.txt

more info form uscert ssl drwon atack confirmed...:
https://www.us-cert.gov/ncas/current-activity/2016/03/01/SSLv2-DROWN-Attack
https://www.kb.cert.org/vuls/id/583776

[LeoNeeson]

Thanks for the heads up bmartino1.

[bmartino1]

i still think This HFS stunnel is working properly adn is uptodate...

but its that time again
Available updates include:
OpenSSL 1.0.2h  for 1.0.2 users
OpenSSL 1.0.1t  for 1.0.1 users

----------------
National Cyber Awareness System:

OpenSSL Releases Security Updates
05/03/2016 02:17 PM EDT

Original release date: May 03, 2016
OpenSSL has released security updates to address vulnerabilities in previous versions. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.

Available updates include:

OpenSSL 1.0.2h  for 1.0.2 users
OpenSSL 1.0.1t  for 1.0.1 users
US-CERT encourages users and administrators to review the OpenSSL Security Advisory page and apply the necessary updates.
https://www.openssl.org/news/vulnerabilities.html