
Hi,

my config is

cert = stunnel.pem
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 7
fips = yes

[Demo-Trading]
client = yes
accept = 127.0.0.1:40001
connect = fix-order.london-demo.lmax.com:443
sslVersion = TLSv1
options = NO_SSLv2
options = NO_SSLv3

[Demo – Market Data]
client = yes
accept = 127.0.0.1:40003
connect = fix-marketdata.london-demo.lmax.com:443
sslVersion = TLSv1
options = NO_SSLv2
options = NO_SSLv3

and I am still receiving this error.

FIPS_mode_set: F06D065: error:0F06D065:common libcrypto routines:FIPS_mode_set:fips mode not supported

Any suggestions? Fips = no is not an option for me.

Thanks
Yan

On 04/03/2019 at 16:14, Yan Renelt wrote:
> Hi,

Hi,

> my config is
> cert = stunnel.pem
> socket = l:TCP_NODELAY=1
> socket = r:TCP_NODELAY=1
> debug = 7
> fips = yes
> [Demo-Trading]
> client = yes
> accept = 127.0.0.1:40001
> connect = fix-order.london-demo.lmax.com:443
> sslVersion = TLSv1

Why do you use this one? Isn't it better to use TLSv1.2 min.?

> options = NO_SSLv2
> options = NO_SSLv3
> [Demo – Market Data]
> client = yes
> accept = 127.0.0.1:40003
> connect = fix-marketdata.london-demo.lmax.com:443
> sslVersion = TLSv1
> options = NO_SSLv2
> options = NO_SSLv3
> and I am still receiving this error.
> FIPS_mode_set: F06D065: error:0F06D065:common libcrypto routines:FIPS_mode_set:fips mode not supported
> Any suggestions? Fips = no is not an option for me.
> Thanks
> Yan

Which OS? Do you use `debug = 7`? Some information in ? On OpenBSD (for ex.), `rcctl -d start stunnel` could give you some useful information.

Here is a sample of mine (client = no):

debug = 7
output = stunnel.log
sslVersion = TLSv1.2
options = CIPHER_SERVER_PREFERENCE
ciphers = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384
curve = secp384r1

Regards,
--
mlrx
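
Added example, not part of any message in this thread: a small Python check that reads an stunnel configuration, keeps repeated keys such as `options`, and lists the services whose `sslVersion` is below the TLSv1.2 minimum suggested in the reply above. The function names, the second sample service and the override rule noted in the code are assumptions of this example.

```python
# Added example. The first service comes from the configuration quoted in this
# thread (cert, socket, debug, client and accept lines left out); the second
# service is constructed for contrast.
SAMPLE_CONF = """\
fips = yes
[Demo-Trading]
connect = fix-order.london-demo.lmax.com:443
sslVersion = TLSv1
options = NO_SSLv2
options = NO_SSLv3
[constructed-service]
connect = localhost:8443
sslVersion = TLSv1.2
"""

# Protocol names from weakest to strongest.
ORDER = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]


def parse_stunnel_conf(text):
    """Return (global_opts, services), each mapping key -> list of values.
    Keys such as 'options' repeat, so every value is kept in order."""
    global_opts, services = {}, {}
    current = global_opts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
            continue
        key, sep, value = line.partition("=")
        if sep:
            current.setdefault(key.strip().lower(), []).append(value.strip())
    return global_opts, services


def audit(text, minimum="TLSv1.2"):
    """Return (fips_requested, [(service, sslVersion), ...]) for services
    pinned below `minimum`. Assumption: a service value overrides a global
    one and the last occurrence wins."""
    global_opts, services = parse_stunnel_conf(text)
    findings = []
    for name, opts in services.items():
        values = opts.get("sslversion") or global_opts.get("sslversion") or []
        pinned = values[-1] if values else None
        if pinned in ORDER and ORDER.index(pinned) < ORDER.index(minimum):
            findings.append((name, pinned))
    fips = global_opts.get("fips", ["no"])[-1].lower() == "yes"
    return fips, findings
```

`audit(SAMPLE_CONF)` reports that FIPS is requested and that only `Demo-Trading` is pinned below TLSv1.2.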

You don't give many details about the environment stunnel is installed in, but it seems that it has been compiled with a version of OpenSSL that doesn't have the FIPS object module.

Flo

On Mon, Mar 4, 2019 at 4:15 PM Yan Renelt <reneltyan@gmail.com> wrote:
> Hi,
>
> my config is
> cert = stunnel.pem
> socket = l:TCP_NODELAY=1
> socket = r:TCP_NODELAY=1
> debug = 7
> fips = yes
> [Demo-Trading]
> client = yes
> accept = 127.0.0.1:40001
> connect = fix-order.london-demo.lmax.com:443
> sslVersion = TLSv1
> options = NO_SSLv2
> options = NO_SSLv3
> [Demo – Market Data]
> client = yes
> accept = 127.0.0.1:40003
> connect = fix-marketdata.london-demo.lmax.com:443
> sslVersion = TLSv1
> options = NO_SSLv2
> options = NO_SSLv3
> and I am still receiving this error.
> FIPS_mode_set: F06D065: error:0F06D065:common libcrypto routines:FIPS_mode_set:fips mode not supported
> Any suggestions? Fips = no is not an option for me.
> Thanks
> Yan
> _______________________________________________
> stunnel-users mailing list
> stunnel-users@stunnel.org
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users