Hello,
As I understand it, this is just a compliance mode: compliance with the FIPS 140-2 U.S. standard, http://en.wikipedia.org/wiki/FIPS_140-2
In some cases, I assume you might be required to run a FIPS 140-2 compliant setup, in which case your cryptographic libraries should be certified. And there are some changes in configuration, such as disabling non-FIPS-approved ciphers and MAC algorithms. Example: under FIPS mode, MD5 and RC4 are not used. Then you can tell the gov. or whoever is asking you that you are following FIPS.
You can potentially achieve the same without having to enable FIPS. Just enable strong ciphers, disable MD5, RC4, SSLv2, etc. It is all outlined in the document.
I run stunnel at home and for personal use, so I have never had to do deep research into this, so this is my general understanding. If anyone would like to share a more complete answer that would be even better.
Thanks
-----------------
Leandro Avila
________________________________
From: "dominic.schweizer@zkb.ch" dominic.schweizer@zkb.ch
To: stunnel-users@stunnel.org
Sent: Fri, February 18, 2011 3:09:27 AM
Subject: [stunnel-users] fips=no
Hi All,
I have the problem that when I start Stunnel, the following error pops up:
FIPS_mode_set: 2D06C06E: error:2D06C06E:FIPS routines:FIPS_mode_set:fingerprint does not match
I now added in my config file: fips=no and it works.
My question is now, what is the difference between with fips and without fips?
stunnel version 4.34, openssl 0.9.8, redhat 5
Thanks in advance for the answer
Regards
Dominic
Kind regards
Dominic Schweizer
Zürcher Kantonalbank
Unix System Engineer, LIOEU
Neue Hard 9, 8005 Zürich
Phone 044 292 83 52, Fax 044 292 80 34
Postal address: P.O. Box, 8010 Zürich, http://www.zkb.ch
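As an added example (not part of the original thread and not stunnel's own code), the following lint checks a stunnel.conf for the hardening the reply describes for a setup running with fips=no: MD5 and RC4 excluded from the cipher list and SSLv2 disabled. The sample configuration is constructed, and the check is deliberately conservative: it assumes a cipher list is acceptable only when it excludes an algorithm explicitly with `!`, and that SSLv2 is off only when `options = NO_SSLv2` or an explicit `sslVersion` of SSLv3 or TLSv1 is present.

```python
import re

WEAK = ("MD5", "RC4")  # algorithms the thread says are not used under FIPS mode

# Constructed sample configuration, not taken from the thread.
SAMPLE = """\
fips = no
options = NO_SSLv2

[imaps]
accept = 993
connect = 143
ciphers = HIGH:!MD5:!RC4:!aNULL

[legacy]
accept = 8443
connect = 8080
sslVersion = SSLv2
ciphers = ALL
"""

def parse(text):
    """Return (global_opts, {service: opts}); opts maps lowercased key -> list of values."""
    glob, services = {}, {}
    cur = glob
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = services.setdefault(line[1:-1], {})
        elif "=" in line:
            key, val = (p.strip() for p in line.split("=", 1))
            cur.setdefault(key.lower(), []).append(val)
    return glob, services

def audit(text):
    """Return a list of (service, issue) for settings the reply says to turn off."""
    glob, services = parse(text)
    findings = []
    for name, opts in services.items():
        get = lambda k: opts.get(k) or glob.get(k) or []   # service value, else global default
        tokens = [t for v in get("ciphers") for t in re.split(r"[:, ]+", v)]
        for alg in WEAK:
            if "!" + alg not in tokens:          # conservative: require an explicit exclusion
                findings.append((name, alg + " not excluded by ciphers"))
        version = (get("sslversion") or ["unset"])[-1]
        if version == "SSLv2" or ("NO_SSLv2" not in get("options")
                                  and version not in ("SSLv3", "TLSv1")):
            findings.append((name, "SSLv2 not disabled"))
    return findings

if __name__ == "__main__":
    for service, issue in audit(SAMPLE):
        print(f"[{service}] {issue}")
```

A clean result only means the configuration names the exclusions; which ciphers are actually negotiated still depends on the OpenSSL build stunnel is linked against.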