Hi All,

I would like to ask a question about stunnel fips mode. There are lots of question and answers on the internet related with this, but I could not find any answer related with mine. I am compiling with openssl (auto detecting fips) . Here is a part of confgiure output :

checking for FIPS_mode_set... yes configure: FIPS mode detected

So I am thinking that fips also is being included. Then I try to run stunnel on target platform (in stunnel.conf fips=yes) and it gives below error :

Compiled/running with OpenSSL 0.9.8w-fips 23 Apr 2012 Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS Reading configuration from file stunnel.conf FIPS_mode_set: 2D06906E: error:2D06906E:FIPS routines:FIPS_CHECK_INCORE_FINGERPRINT:fingerprint does not match

there are lots of information about this errror on internet. Then when I configure stunnel.conf with fips=no, stunnel is running successfully.

I know that fips=yes means that enables FIPS 140-2 mode and I guess my fips canister does not supoort fips 140-2 mode (I do not know which fips mode it has supported). Now my question is coming :

When I set fips=no, stunnel also starts with other available fips modes which the canister included? Or it skips running fips mode completely?

Plase inform me if anyone has any idea?

Regards