Hello --

I am running the following commands to compile OpenSSL (with FIPS support) and stunnel:

* Base config for FIPS

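# FIPS Object Module: default configuration, default install location
# (presumably the /usr/local/ssl/fips-2.0 tree that the OpenSSL build step
# below points at with --with-fipslibdir -- confirm).
# A failed cd must not let ./config run in the wrong directory.
cd openssl-fips-2.0.9 || exit 1

echo "./config"

./config || exit 1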


* OpenSSL with shared and custom install location

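# FIPS-capable OpenSSL, built as shared libraries into a private prefix.
cd openssl-1.0.1m || exit 1

# Echo exactly the command that is run so the build log is trustworthy
# (the original echo omitted "shared" and differed in the trailing slash).
echo "./config fips shared --openssldir=/usr/local/openssl-100 --with-fipslibdir=/usr/local/ssl/fips-2.0/lib/"

# NOTE: "shared" means anything linked against this build (stunnel, below)
# resolves libssl/libcrypto through the dynamic loader at run time. The
# "Running with OpenSSL 1.0.1 14 Mar 2012" line in the stunnel -version
# output further down shows a different copy being picked up at run time.
./config fips shared --openssldir=/usr/local/openssl-100 --with-fipslibdir=/usr/local/ssl/fips-2.0/lib/ || exit 1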


* stunnel with FIPS (autodetection is working; I just added --enable-fips to force it)

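# stunnel against the custom OpenSSL. --enable-fips is redundant with the
# autodetection but makes the intent explicit.
cd stunnel-5.09 || exit 1

# "make clean" is only meaningful on a tree that has already been configured;
# on a fresh extract there is no Makefile yet.
echo "make clean"
[ -f Makefile ] && make clean

# Pin the run-time library search path to the custom OpenSSL so the dynamic
# loader does not fall back to the system libssl. The -version output below
# ("Compiled with OpenSSL 1.0.1m" vs "Running with OpenSSL 1.0.1 14 Mar 2012",
# followed by "Update OpenSSL shared libraries or rebuild stunnel") is
# exactly that fallback. Assumes the libraries were installed under
# /usr/local/openssl-100/lib -- confirm after "make" with
#   ldd <built stunnel binary> | grep -E 'libssl|libcrypto'
# which should point at /usr/local/openssl-100/lib, not the system copies.
echo "LDFLAGS=-Wl,-rpath,/usr/local/openssl-100/lib ./configure --with-ssl=/usr/local/openssl-100 --disable-libwrap --enable-fips"

LDFLAGS="-Wl,-rpath,/usr/local/openssl-100/lib" ./configure --with-ssl=/usr/local/openssl-100 --disable-libwrap --enable-fips || exit 1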


You can see that my custom OpenSSL reports that it is built with -fips:

root@host:/var/tmp# /usr/local/openssl-100/bin/openssl version

OpenSSL 1.0.1m-fips 19 Mar 2015


But when the build is done, stunnel only reports the base version of OpenSSL 1.0.1m, whereas this same script with stunnel 4.53 shows OpenSSL 1.0.1m-fips.


Is there something I am missing during the configure for stunnel that is causing it to NOT see that OpenSSL is compiled with FIPS?


root@host:/var/tmp# stunnel -version

stunnel 5.09 on x86_64-unknown-linux-gnu platform

Compiled with OpenSSL 1.0.1m 19 Mar 2015

Running  with OpenSSL 1.0.1 14 Mar 2012

Update OpenSSL shared libraries or rebuild stunnel

Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI

 

Global options:

debug                  = daemon.notice

RNDbytes               = 64

RNDfile                = /dev/urandom

RNDoverwrite           = yes

 

Service-level options:

ciphers                = FIPS (with "fips = yes")

ciphers                = HIGH:MEDIUM:+3DES:+DH:!aNULL:!SSLv2 (with "fips = no")

curve                  = prime256v1

options                = NO_SSLv2

options                = NO_SSLv3

sessionCacheSize       = 1000

sessionCacheTimeout    = 300 seconds

stack                  = 65536 bytes

TIMEOUTbusy            = 300 seconds

TIMEOUTclose           = 60 seconds

TIMEOUTconnect         = 10 seconds

TIMEOUTidle            = 43200 seconds

verify                 = none