[stunnel-users] FIPS mode not supported
mlrx
stunnel.org at 18informatique.com
Mon Mar 4 17:15:30 CET 2019
Le 04/03/2019 à 16:14, Yan Renelt a écrit :
> Hi,
Hi,
> my config is
> cert = stunnel.pem
> socket = l:TCP_NODELAY=1
> socket = r:TCP_NODELAY=1
> debug = 7
>
> fips = yes
>
> [Demo-Trading]
> client = yes
> accept = 127.0.0.1:40001
> connect = fix-order.london-demo.lmax.com:443
> sslVersion = TLSv1
Why do you use this one ?
Isn't it better to use TLSv1.2 min.?
> options = NO_SSLv2
> options = NO_SSLv3
>
> [Demo ñ Market Data]
> client = yes
> accept = 127.0.0.1:40003
> connect = fix-marketdata.london-demo.lmax.com:443
> sslVersion = TLSv1
> options = NO_SSLv2
> options = NO_SSLv3
>
>
> and I still receiving this error.
>
> FIPS_mode_set: F06D065: error:0F06D065:common libcrypto routines:FIPS_mode_set:fips mode not supported
>
> Any suggestions? Fips = no is not an option for me.
>
>
> Thanks
>
> Yan
Witch OS ?
Do you use `debug = 7` ? Some informations in ?
On openBSD (for ex.), `rcctl -d start stunnel` could give you
some useful informations.
There is a sample of mine (client = no) :
debug = 7
output = stunnel.log
sslVersion = TLSv1.2
options = CIPHER_SERVER_PREFERENCE
ciphers =
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384
curve = secp384r1
Regards,
--
mlrx
More information about the stunnel-users
mailing list