[stunnel-users] stunnel FIPS mode 140-2/ Other Modes
mehmet ozisik
mehmetzsk at gmail.com
Mon Jun 24 16:07:21 CEST 2013
Hi All,
I would like to ask a question about stunnel fips mode. There are lots of
question and answers on the internet related with this, but I could not
find any answer related with mine.
I am compiling with openssl (auto detecting fips) . Here is a part of
confgiure output :
checking for FIPS_mode_set... yes
configure: FIPS mode detected
So I am thinking that fips also is being included.
Then I try to run stunnel on target platform (in stunnel.conf fips=yes)
and it gives below error :
Compiled/running with OpenSSL 0.9.8w-fips 23 Apr 2012
Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS
Reading configuration from file stunnel.conf
FIPS_mode_set: 2D06906E: error:2D06906E:FIPS
routines:FIPS_CHECK_INCORE_FINGERPRINT:fingerprint does not match
there are lots of information about this errror on internet.
Then when I configure stunnel.conf with fips=no, stunnel is running
successfully.
I know that fips=yes means that enables FIPS 140-2 mode and I guess my fips
canister does not supoort fips 140-2 mode (I do not know which fips mode it
has supported).
Now my question is coming :
When I set fips=no, stunnel also starts with other available fips modes
which the canister included?
Or it skips running fips mode completely?
Plase inform me if anyone has any idea?
Regards
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20130624/29d81408/attachment.html>
More information about the stunnel-users
mailing list