On 2012-11-05 22:18, Michael Curran wrote:
> **fips** = yes | no
> Enable or disable FIPS 140-2 mode. This option allows to disable entering FIPS mode if stunnel was compiled with FIPS 140-2 support. default: yes
>
> Which to me says I have to compile stunnel on my own using OpenSSL with FIPS libraries to build a stunnel binary that can support FIPS 140-2 compliance -- if I download just the Windows or Unix binaries and install them -- then I am not going to be 140-2 compliant where I set the config file to yes or no, since the FIPS modules won't be compiled into the binary.

My Windows binary is built to meet the requirements of the OpenSSL FIPS security policy. AFAIK some other vendors also build their binary distributions of stunnel with FIPS mode enabled.

BTW: The "fips" option is only available when stunnel is built with FIPS support. FIPS mode is also clearly logged on startup.

Mike