The documentation on fips= seems ambiguous to me ... does leaving it at the default of "yes" /prevent/ FIPS 140-2 compliance mode, or mandate it? Or does it do something else I'm not understanding?
Basically, the q. is, what do you have to configure to ensure that you're operating in a FIPS 140-2 compliant manner (at least, as the version of OpenSSL libs bundled understood it)? Do you have to specify ciphers that are validated, etc.? Or just set that config option to "yes" ("no"?)?
And how can one tell if the stunnel binary in use was compiled with FIPS support active? (I'm using the Windows 4.33 binary d/l'ed from mirt.net).
Tia!
---- David G. Bucci
Chuck Norris can kick through all 6 degrees of separation, hitting anyone, anywhere, in the face, at any time. -- ChuckNorrisFacts.com