Le 04/03/2019 à 16:14, Yan Renelt a écrit :
Hi,
Hi,
my config is cert = stunnel.pem socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 debug = 7
fips = yes
[Demo-Trading] client = yes accept = 127.0.0.1:40001 connect = fix-order.london-demo.lmax.com:443 sslVersion = TLSv1
Why do you use this one ? Isn't it better to use TLSv1.2 min.?
options = NO_SSLv2 options = NO_SSLv3
[Demo ñ Market Data] client = yes accept = 127.0.0.1:40003 connect = fix-marketdata.london-demo.lmax.com:443 sslVersion = TLSv1 options = NO_SSLv2 options = NO_SSLv3
and I still receiving this error.
FIPS_mode_set: F06D065: error:0F06D065:common libcrypto routines:FIPS_mode_set:fips mode not supported
Any suggestions? Fips = no is not an option for me.
Thanks
Yan
Witch OS ? Do you use `debug = 7` ? Some informations in ? On openBSD (for ex.), `rcctl -d start stunnel` could give you some useful informations.
There is a sample of mine (client = no) : debug = 7 output = stunnel.log sslVersion = TLSv1.2 options = CIPHER_SERVER_PREFERENCE ciphers = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384 curve = secp384r1
Regards,