Yes, from INSTALL.FIPS in the stunnel tarball<br><br>stunnel FIPS install notes<br><br><br>Unix HOWTO:<br>FIPS mode is autodetected if possible. You can force it with:<br> ./configure --enable-fips<br>or disable with:<br>
./configure --disable-fips<br><br>WIN32 HOWTO:<br>* On 32-bit Windows install one of the following compilers:<br> - MSVC 8.0 (VS 2005) Standard or Professional Edition<br> - MSVC 9.0 (VS 2008) any edition including Express Edition<br>
* On 64-bit Windows install one of the following compilers:<br> - MSVC 8.0 (VS 2005) Standard or Professional Edition<br> - MSVC 9.0 (VS 2008) Standard or Professional Edition<br>* Build FIPS-compliant OpenSSL DLLS according to:<br>
<a href="http://www.openssl.org/docs/fips/UserGuide-1.2.pdf">http://www.openssl.org/docs/fips/UserGuide-1.2.pdf</a><br>* Build stunnel normally with MSVC or Mingw.<br> Mingw build requires DLL stubs. Stubs can be built with:<br>
dlltool --def ms/libeay32.def --output-lib libcrypto.a<br> dlltool --def ms/ssleay32.def --output-lib libssl.a<br><br><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Nov 5, 2012 at 4:18 PM, Michael Curran <span dir="ltr"><<a href="mailto:mike_curran@hotmail.com" target="_blank">mike_curran@hotmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><div dir="ltr">
Hello<br><br> I think there is a bit of confusion within my company on what stunnel can do in regards to FIPS 140-2 out of the box. I know there are configuration options that can enable or disable FIPS 140-2 mode, but as the man page indicates<br>
<br><dl><dt><strong><a name="13ad2710ab692eba_fips_yes_no"><strong>fips</strong> = yes | no</a></strong></dt><dd>
Enable or disable FIPS 140-2 mode.<br>
This option allows to disable entering FIPS mode if stunnel was compiled with
FIPS 140-2 support.<br>
default: yes<br></dd></dl>Which to me says I have to compile stunnel on my own using openssl with fips libraries to build a Stunnel binary that can support FIPS 140-2 compliance -- if I download just the windows or unix binaries and install them -- then I am not going to be 140-2 compliant where I set the config file to yes or no , since the FIPS modules wont be compiled into the binary.<br>
<br><br>I'm just looking for confirmation before I take this back to the rest of my group. <br><br><br><br>Thanks!!<span class="HOEnZb"><font color="#888888"><br><br><br>Michael Curran<br><br><br> </font></span></div>
</div>
<br>_______________________________________________<br>
stunnel-users mailing list<br>
<a href="mailto:stunnel-users@stunnel.org">stunnel-users@stunnel.org</a><br>
<a href="https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users" target="_blank">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a><br>
<br></blockquote></div><br></div>