Hi,
my config is cert = stunnel.pem socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 debug = 7
fips = yes
[Demo-Trading] client = yes accept = 127.0.0.1:40001 connect = fix-order.london-demo.lmax.com:443 sslVersion = TLSv1 options = NO_SSLv2 options = NO_SSLv3
[Demo ñ Market Data] client = yes accept = 127.0.0.1:40003 connect = fix-marketdata.london-demo.lmax.com:443 sslVersion = TLSv1 options = NO_SSLv2 options = NO_SSLv3
and I still receiving this error.
FIPS_mode_set: F06D065: error:0F06D065:common libcrypto routines:FIPS_mode_set:fips mode not supported
Any suggestions? Fips = no is not an option for me.
Thanks
Yan
Le 04/03/2019 à 16:14, Yan Renelt a écrit :
Hi,
Hi,
my config is cert = stunnel.pem socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 debug = 7
fips = yes
[Demo-Trading] client = yes accept = 127.0.0.1:40001 connect = fix-order.london-demo.lmax.com:443 sslVersion = TLSv1
Why do you use this one ? Isn't it better to use TLSv1.2 min.?
options = NO_SSLv2 options = NO_SSLv3
[Demo ñ Market Data] client = yes accept = 127.0.0.1:40003 connect = fix-marketdata.london-demo.lmax.com:443 sslVersion = TLSv1 options = NO_SSLv2 options = NO_SSLv3
and I still receiving this error.
FIPS_mode_set: F06D065: error:0F06D065:common libcrypto routines:FIPS_mode_set:fips mode not supported
Any suggestions? Fips = no is not an option for me.
Thanks
Yan
Witch OS ? Do you use `debug = 7` ? Some informations in ? On openBSD (for ex.), `rcctl -d start stunnel` could give you some useful informations.
There is a sample of mine (client = no) : debug = 7 output = stunnel.log sslVersion = TLSv1.2 options = CIPHER_SERVER_PREFERENCE ciphers = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384 curve = secp384r1
Regards,
You don't give much details on which environment is installed stunnel, but it seems that it has been compiled with a version of openssl that doesn't have fips object module.
Flo
On Mon, Mar 4, 2019 at 4:15 PM Yan Renelt reneltyan@gmail.com wrote:
Hi,
my config is cert = stunnel.pem socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 debug = 7
fips = yes
[Demo-Trading] client = yes accept = 127.0.0.1:40001 connect = fix-order.london-demo.lmax.com:443 sslVersion = TLSv1 options = NO_SSLv2 options = NO_SSLv3
[Demo ñ Market Data] client = yes accept = 127.0.0.1:40003 connect = fix-marketdata.london-demo.lmax.com:443 sslVersion = TLSv1 options = NO_SSLv2 options = NO_SSLv3
and I still receiving this error.
FIPS_mode_set: F06D065: error:0F06D065:common libcrypto routines:FIPS_mode_set:fips mode not supported
Any suggestions? Fips = no is not an option for me.
Thanks
Yan _______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
-
Flo Rance -
mlrx -
Yan Renelt