Yes, from INSTALL.FIPS in the stunnel tarball
stunnel FIPS install notes
Unix HOWTO:
FIPS mode is autodetected if possible. You can force it with:
    ./configure --enable-fips
or disable with:
    ./configure --disable-fips

WIN32 HOWTO:
* On 32-bit Windows install one of the following compilers:
  - MSVC 8.0 (VS 2005) Standard or Professional Edition
  - MSVC 9.0 (VS 2008) any edition including Express Edition
* On 64-bit Windows install one of the following compilers:
  - MSVC 8.0 (VS 2005) Standard or Professional Edition
  - MSVC 9.0 (VS 2008) Standard or Professional Edition
* Build FIPS-compliant OpenSSL DLLS according to:
  http://www.openssl.org/docs/fips/UserGuide-1.2.pdf
* Build stunnel normally with MSVC or Mingw.
  Mingw build requires DLL stubs. Stubs can be built with:
    dlltool --def ms/libeay32.def --output-lib libcrypto.a
    dlltool --def ms/ssleay32.def --output-lib libssl.a
On Mon, Nov 5, 2012 at 4:18 PM, Michael Curran mike_curran@hotmail.com wrote:
Hello
I think there is a bit of confusion within my company on what stunnel can do in regards to FIPS 140-2 out of the box. I know there are configuration options that can enable or disable FIPS 140-2 mode, but as the man page indicates
*fips = yes | no*
Enable or disable FIPS 140-2 mode. This option allows to disable entering FIPS mode if stunnel was compiled with FIPS 140-2 support.
default: yes

Which to me says I have to compile stunnel on my own using openssl with fips libraries to build a Stunnel binary that can support FIPS 140-2 compliance -- if I download just the Windows or Unix binaries and install them -- then I am not going to be 140-2 compliant where I set the config file to yes or no, since the FIPS modules won't be compiled into the binary.
I'm just looking for confirmation before I take this back to the rest of my group.
Thanks!!
Michael Curran
stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users