Discussion:
OpenSSL bug, is stunnel also compromised?
Jack Ryan
2014-04-09 06:51:54 UTC
Does anyone know?
Zax
2014-04-09 08:26:49 UTC
On Wed, 9 Apr 2014 01:51:54 -0500 (CDT), Jack Ryan wrote in
Post by Jack Ryan
Does anyone know?
The openssl heartbleed bug is server-side and enables an attacker to
read memory that potentially contains the secret key associated with the
X.509 certificate the server presents.

It doesn't affect stunnel directly but you should consider the service
you're connecting to as potentially compromised. You can check to see
if they've recently issued a new certificate like this:

Download the server-side certificate
openssl s_client -connect {HOSTNAME}:{PORT} -showcerts

Check the validity dates:
openssl x509 -noout -in {FILENAME} -dates

This doesn't prove they have fixed the problem but, if the cert is older
than 7th April, it's probable that they have not. It's not bombproof
though as other systems besides openssl might be used for the TLS
transaction so their private keys have never been vulnerable.
--
pub 1024D/228761E7 2003-06-04 Steven Crook <***@mixmin.net>
Key fingerprint = 1CD9 95E1 E9CE 80D6 C885 B7EB B471 80D5 2287 61E7
sub 4096R/4ABF07E3 2012-02-11 [expires: 2013-02-10]
Jack Ryan
2014-04-10 20:35:44 UTC
Post by Zax
On Wed, 9 Apr 2014 01:51:54 -0500 (CDT), Jack Ryan wrote in
Post by Jack Ryan
Does anyone know?
The openssl heartbleed bug is server-side and enables an attacker to
read memory that potentially contains the secret key associated with the
X.509 certificate the server presents.
What next...?
Post by Zax
It doesn't affect stunnel directly but you should consider the service
you're connecting to as potentially compromised. You can check to see
Download the server-side certificate
openssl s_client -connect {HOSTNAME}:{PORT} -showcerts
Amazing what a random certificate says.

SSL handshake has read 2060 bytes and written 453 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXmunged

Certificate chain
0 s:/C=US/ST=Booya!/L=Big/O=Penis/OU=Available/CN=localhost

No shit.

Avast popped up a way to view the certificate and I exported it
to a .cer file from there.
Post by Zax
openssl x509 -noout -in {FILENAME} -dates
Jul 2 01:22:49 2013 GMT
Post by Zax
This doesn't prove they have fixed the problem but, if the cert is older
than 7th April, it's probable that they have not. It's not bombproof
though as other systems besides openssl might be used for the TLS
transaction so their private keys have never been vulnerable.
--
Key fingerprint = 1CD9 95E1 E9CE 80D6 C885 B7EB B471 80D5 2287 61E7
sub 4096R/4ABF07E3 2012-02-11 [expires: 2013-02-10]
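The check Zax describes, as an added example in Python that is not code from the thread: it parses the two lines printed by "openssl x509 -noout -dates", compares notBefore with the 7 April 2014 disclosure date, and can also run the two openssl commands from the post itself. The openssl binary being on PATH and the use of s_client's -servername option are assumptions; the sample output is constructed to match the 2 July 2013 date Jack Ryan got back.

```python
"""Classify a server certificate as issued before or after the Heartbleed
disclosure, following the two openssl commands in Zax's post.

Added example, not from the thread.  Assumes only the output format of
`openssl x509 -noout -dates` and an openssl binary on PATH.
"""
import subprocess
from datetime import datetime, timezone

# Disclosure date given in the post: certs issued before it are suspect.
HEARTBLEED_DISCLOSURE = datetime(2014, 4, 7, tzinfo=timezone.utc)
# Date of the thread, used as "now" when reproducing the posters' result.
THREAD_DATE = datetime(2014, 4, 10, tzinfo=timezone.utc)


def parse_x509_dates(output: str) -> dict:
    """Parse the notBefore/notAfter lines of `openssl x509 -noout -dates`.

    OpenSSL prints e.g. 'notBefore=Jul  2 01:22:49 2013 GMT' with the day
    padded to two columns.  strptime treats each space in the format as
    "one or more whitespace characters", so the padding parses cleanly.
    """
    dates = {}
    for line in output.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key in ("notBefore", "notAfter"):
            dates[key] = datetime.strptime(
                value.strip(), "%b %d %H:%M:%S %Y GMT"
            ).replace(tzinfo=timezone.utc)
    if "notBefore" not in dates or "notAfter" not in dates:
        raise ValueError("no notBefore/notAfter lines in: %r" % output)
    return dates


def classify_cert(output: str, now=None) -> str:
    """Return 'expired', 'reissued' or 'old' for a -dates output.

    'old' means the cert (and so its key) predates the disclosure, which
    is the case Zax says is "probable that they have not" fixed it.
    """
    dates = parse_x509_dates(output)
    now = now or datetime.now(timezone.utc)
    if dates["notAfter"] < now:
        return "expired"
    if dates["notBefore"] >= HEARTBLEED_DISCLOSURE:
        return "reissued"
    return "old"


def fetch_dates_output(hostname: str, port: int) -> str:
    """Run the post's two commands as one pipeline (requires network).

    s_client waits on stdin, so it is given empty input; x509 reads the
    first PEM certificate from s_client's output.
    """
    s_client = subprocess.run(
        ["openssl", "s_client", "-connect", f"{hostname}:{port}",
         "-servername", hostname, "-showcerts"],
        input=b"", capture_output=True, timeout=30, check=False,
    )
    x509 = subprocess.run(
        ["openssl", "x509", "-noout", "-dates"],
        input=s_client.stdout, capture_output=True, check=True,
    )
    return x509.stdout.decode()


# Constructed sample matching the 2 July 2013 date quoted in the thread.
SAMPLE_OUTPUT = """notBefore=Jul  2 01:22:49 2013 GMT
notAfter=Jul  2 01:22:49 2014 GMT
"""

if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:
        text = fetch_dates_output(sys.argv[1], int(sys.argv[2]))
        print(text.strip())
        print("verdict:", classify_cert(text))
    else:
        print(SAMPLE_OUTPUT.strip())
        print("verdict:", classify_cert(SAMPLE_OUTPUT, now=THREAD_DATE))
```

Run it as "python check_cert.py HOSTNAME PORT" to test a live service, or with no arguments to see the verdict for the sample. As Zax notes, "reissued" only shows that a new certificate exists; it says nothing about whether the old private key was actually exposed or whether the server even used OpenSSL.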
Ant
2014-04-10 05:06:20 UTC
Post by Jack Ryan
Does anyone know?
My Debian stable said it had to restart stunnel when I updated its
OpenSSL packages. :/
--
"The general, unable to control his irritation, will launch his men to
the assault like swarming ants, with the result that one-third of his
men are slain, while the town still remains untaken. Such are the
disastrous effects of a siege." --Chapter 3 in Sun Tzu's The Ancient Art
of War (Translated by Lionel Giles)
/\___/\ Ant(Dude) @ http://antfarm.ma.cx (Personal Web Site)
/ /\ /\ \ Ant's Quality Foraged Links: http://aqfl.net
| |o o| |
\ _ / If crediting, then use Ant nickname and AQFL URL/link.
( ) If e-mailing, then axe ANT from its address if needed.
Ant is currently not listening to any songs on this computer.
Anonymous
2014-04-10 14:14:11 UTC
"The general, unable to control his irritation, will launch his men to the assault like swarming ants, with the result that one-third of his men are slain, while the town still remains untaken. Such are the disastrous effects of a siege."
Shades of the Dardanelles campaign.
Khelair
2014-04-10 21:12:56 UTC
To: Ant
Re: Re: OpenSSL bug, is stunnel also compromised?
By: Ant to alt.privacy.anon-server,alt.privacy,comp.security.misc,comp.security.ssh on Wed Apr 09 2014 22:06:20
Post by Ant
My Debian stable said it had to restart stunnel when I updated its
OpenSSL packages. :/
Yeah, stunnel just sets up OpenSSL, doesn't it?

-- guh up the effbomb down wif yr bad self

--- Synchronet 3.16a-OpenBSD NewsLink 1.102
Tinfoil Tetrahedron: telnet://bismaninfo.hopto.org:8023/
D. Stussy
2014-04-11 08:12:00 UTC
"Jack Ryan" wrote in message news:***@remailer.cpunk.us...
Does anyone know?
===========
ANY application that establishes a secure TCP tunnel may be affected by the
bug if the heartbeat ping is enabled in the SSL library.
