Hello -- I am running the following commands to compile openssl (with FIPS support) and stunnel

* Base config for FIPS

  cd openssl-fips-2.0.9
  echo "./config"
  ./config

* OpenSSL with shared and custom install location

  cd openssl-1.0.1m
  echo "./config fips --openssldir=/usr/local/openssl-100 --with-fipslibdir=/usr/local/ssl/fips-2.0/lib"
  ./config fips shared --openssldir=/usr/local/openssl-100 --with-fipslibdir=/usr/local/ssl/fips-2.0/lib/

* Stunnel with FIPS (autodetect is working, I just added it to force it)

  cd stunnel-5.09
  echo "make clean"
  make clean
  echo "./configure --with-ssl=/usr/local/openssl-100 --disable-libwrap --enable-fips"
  ./configure --with-ssl=/usr/local/openssl-100 --disable-libwrap --enable-fips

You can see that my custom OpenSSL is reporting that it is built with -fips:

  root@host:/var/tmp# /usr/local/openssl-100/bin/openssl version
  OpenSSL 1.0.1m-fips 19 Mar 2015

But when I'm done with all the compile options -- I only see the base version of OpenSSL 1.0.1m, and this same script with Stunnel 4.53 shows OpenSSL 1.0.1m-fips. Is there something I am missing during the configure for Stunnel that is causing it to NOT see openssl is compiled with FIPS?

  root@host:/var/tmp# stunnel -version
  stunnel 5.09 on x86_64-unknown-linux-gnu platform
  Compiled with OpenSSL 1.0.1m 19 Mar 2015
  Running with OpenSSL 1.0.1 14 Mar 2012
  Update OpenSSL shared libraries or rebuild stunnel
  Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI

  Global options:
  debug               = daemon.notice
  RNDbytes            = 64
  RNDfile             = /dev/urandom
  RNDoverwrite        = yes

  Service-level options:
  ciphers             = FIPS (with "fips = yes")
  ciphers             = HIGH:MEDIUM:+3DES:+DH:!aNULL:!SSLv2 (with "fips = no")
  curve               = prime256v1
  options             = NO_SSLv2
  options             = NO_SSLv3
  sessionCacheSize    = 1000
  sessionCacheTimeout = 300 seconds
  stack               = 65536 bytes
  TIMEOUTbusy         = 300 seconds
  TIMEOUTclose        = 60 seconds
  TIMEOUTconnect      = 10 seconds
  TIMEOUTidle         = 43200 seconds
  verify              = none
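The "Compiled with" / "Running with" lines in that output are the thing to check: the binary was built against the custom 1.0.1m but the dynamic loader is picking up a different, older libssl/libcrypto at run time. The following check is an added example, not code from the post or from the stunnel project; it parses a constructed copy of that version output, and for live use it assumes stunnel is on PATH and that ldd is available.

```shell
#!/bin/sh
# Added example: report whether a stunnel binary runs against the same OpenSSL
# it was compiled with, and whether that runtime library is a -fips build.

# Constructed sample, copied from the shape of the output quoted in the post.
SAMPLE_VERSION_OUTPUT='stunnel 5.09 on x86_64-unknown-linux-gnu platform
Compiled with OpenSSL 1.0.1m 19 Mar 2015
Running with OpenSSL 1.0.1 14 Mar 2012
Update OpenSSL shared libraries or rebuild stunnel'

# check_openssl_match <text of "stunnel -version">
# Returns 0 if compile-time and runtime OpenSSL match and the runtime one is
# FIPS, 1 if the runtime library differs from the compile-time one, and 2 if
# they match but the runtime library is not a -fips build.
check_openssl_match() {
    compiled=$(printf '%s\n' "$1" | sed -n 's/^Compiled with OpenSSL \([^ ]*\).*/\1/p')
    running=$(printf '%s\n' "$1" | sed -n 's/^Running with OpenSSL \([^ ]*\).*/\1/p')
    if [ "$compiled" != "$running" ]; then
        echo "MISMATCH: built against $compiled, loading $running at runtime"
        return 1
    fi
    case "$running" in
        *-fips*) echo "OK: runtime OpenSSL $running is a FIPS build"; return 0 ;;
        *)       echo "NO FIPS: runtime OpenSSL $running is not a -fips build"; return 2 ;;
    esac
}

# show_loaded_libs <path-to-binary>
# Shows which libssl/libcrypto the dynamic loader resolves for that binary,
# i.e. where the "Running with" version actually comes from.
show_loaded_libs() {
    ldd "$1" 2>/dev/null | grep -E 'libssl|libcrypto'
}

# Live usage on a host (assumes stunnel is on PATH; stunnel -version may
# print to stderr, hence 2>&1):
#   check_openssl_match "$(stunnel -version 2>&1)"
#   show_loaded_libs "$(command -v stunnel)"
```

If the mismatch is reported, the usual fixes are an rpath at link time, LD_LIBRARY_PATH, or an ld.so.conf entry pointing at the custom OpenSSL's lib directory, then re-running the check.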