[stunnel-users] fips=no
Leandro Avila
leandro.avila at ymail.com
Fri Feb 18 16:56:57 CET 2011
Hello,
As I understand it, this is just a compliance mode.
Compliance with the FIPS 140-2 U.S. standard
http://en.wikipedia.org/wiki/FIPS_140-2
In some cases, I assume you might be required to run a FIPS 140-2 compliant
setup, in which case your cryptographic libraries should be certified, and
there are some changes in configuration, such as disabling non-FIPS-approved
ciphers and MAC algorithms.
Example: Under FIPS mode MD5 and RC4 are not used.
Then you can tell the gov. or whoever is asking you that you are following
FIPS.
You can potentially achieve the same without having to enable FIPS.
Just enable strong ciphers, disable MD5, RC4, SSLv2, etc. It is all
outlined in the document.
I run stunnel at home and for personal use, so I have never had to do deep
research into this, so this is my general understanding. If anyone
would like to share a more complete answer that would be even better.
Thanks
-----------------
Leandro Avila
________________________________
From: "dominic.schweizer at zkb.ch" <dominic.schweizer at zkb.ch>
To: stunnel-users at stunnel.org
Sent: Fri, February 18, 2011 3:09:27 AM
Subject: [stunnel-users] fips=no
Hi All,
I have the problem that when I start Stunnel, the following error pops up:
FIPS_mode_set: 2D06C06E: error:2D06C06E:FIPS routines:FIPS_mode_set:fingerprint
does not match
I now added in my config file: fips=no and it works.
My question is now, what is the difference between with fips and without fips?
stunnel version 4.34
openssl 0.9.8
redhat 5
Thanks in advance for the answer
Regards
Dominic
Kind regards
Dominic Schweizer
Zürcher Kantonalbank
Unix System Engineer, LIOEU
Neue Hard 9, 8005 Zürich
Telephone 044 292 83 52, Fax 044 292 80 34
Postal address: P.O. Box 8010 Zürich, http://www.zkb.ch
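
The manual hardening suggested in the reply above (strong ciphers, with MD5, RC4 and SSLv2 disabled when running with fips=no) can be checked mechanically. The following is an added example, not part of the thread or of stunnel: a heuristic lint that reads a stunnel configuration and reports services that do not explicitly exclude those algorithms. It only looks for literal `!MD5` / `!RC4` tokens and `options = NO_SSLv2`; it does not evaluate the OpenSSL cipher string, and the sample configuration is constructed.

```python
# Added example: heuristic lint for stunnel.conf (not stunnel's own tooling).
WEAK_TOKENS = ("MD5", "RC4")  # algorithms the reply says FIPS mode does not use

SAMPLE_CONF = """\
; constructed sample configuration, not taken from the thread
fips = no
[legacy-imap]
accept = 993
connect = 143
ciphers = ALL
[hardened-https]
accept = 443
connect = 8080
ciphers = HIGH:!aNULL:!MD5:!RC4
options = NO_SSLv2
"""

def parse_conf(text):
    """Return {section: {option: [values]}}; section '' holds global options."""
    conf, section = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            conf.setdefault(section, {})
        elif line and line[0] not in ";#" and "=" in line:
            key, value = line.split("=", 1)
            conf[section].setdefault(key.strip().lower(), []).append(value.strip())
    return conf

def audit(text):
    """Return (section, finding) tuples; service options fall back to globals."""
    conf, findings = parse_conf(text), []
    glob = conf.pop("")  # remaining keys are service sections
    if glob.get("fips", [""])[-1].lower() == "no":
        findings.append(("", "fips=no: weak algorithms must be excluded explicitly"))
    for name, opts in conf.items():
        ciphers = (opts.get("ciphers") or glob.get("ciphers") or [""])[-1]
        tokens = ciphers.upper().split(":")
        for weak in WEAK_TOKENS:
            if "!" + weak not in tokens:
                findings.append((name, "cipher list does not exclude " + weak))
        ssl_opts = [o.upper() for o in glob.get("options", []) + opts.get("options", [])]
        if "NO_SSLV2" not in ssl_opts:
            findings.append((name, "SSLv2 not disabled (no options = NO_SSLv2)"))
    return findings

if __name__ == "__main__":
    for section, finding in audit(SAMPLE_CONF):
        print(f"[{section or 'global'}] {finding}")
```
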