
Hi,

I am trying to set up stunnel with FIPS 140-2 compliance. I found some discussion of this on this mailing list from many years ago, but I'm not sure how much of that is still relevant today.

I am running Ubuntu Pro 18.04, with FIPS mode (including the userspace modules: https://security-certs.docs.ubuntu.com/en/fips). If I simply `apt-get install stunnel4`, I can create a config with `fips = yes`, and when I start it up, I see this line logged:

    2021.06.23 15:45:24 LOG5[ui]: FIPS mode enabled

Does this mean I am all set, without needing to compile anything from source? In this message (from almost a decade ago), it sounds like this might be the validation I need:

> BTW: "fips" option is only available when stunnel is built with FIPS support. FIPS mode is also clearly logged on startup

https://www.stunnel.org/pipermail/stunnel-users/2012-November/003963.html

Or do I need to build stunnel from scratch, using my local openssl distribution?

Thanks!

--
Patrick Kaeding
pkaeding@launchdarkly.com