[stunnel-users] 5.xx Windows binaries - FIPS compliant?

Rob Lockhart rlockhar at gmail.com
Tue Mar 24 18:08:45 CET 2015


I apologize if this was asked in the past. I couldn't find any
references to my question in the lists except this (related but not
answering the question):
http://www.stunnel.org/pipermail/stunnel-users/2014-July/004673.html
http://www.stunnel.org/pipermail/stunnel-users/2012-November/003963.html

I understand how to compile Stunnel from source, and the FIPS canister
for OpenSSL, then build OpenSSL with this FIPS canister, then build
Stunnel using that OpenSSL. My question is for the Windows version
with filename "stunnel-5.13-installer.exe". That compiled version
doesn't seem to be built with FIPS canister, as the log shows:
"Compiled/running with OpenSSL 1.0.2a 19 Mar 2015"
without a "-fips" appendage after the OpenSSL version. In other words,
if it was built as FIPS-compliant, it would show:
"Compiled/running with OpenSSL 1.0.2a-fips 19 Mar 2015"

It may support the FIPS options (in the config file) but it's not
FIPS-compliant. I also assume that this doesn't preclude the FIPS
options in the config file from working. Specifically, FIPS-compliant
does NOT imply that FIPS mode cannot be enabled. Am I understanding
this correctly?

Thanks,
 -Rob



More information about the stunnel-users mailing list