[stunnel-users] Stunnel 5.0x compile issues

Michael Curran mike_curran at hotmail.com
Mon Apr 6 23:37:29 CEST 2015


Hello --
I am running the following commands to compile openssl (with FIPS support) and stunnel:
* Base config for FIPS

cd openssl-fips-2.0.9
echo "./config"
./config 

* OpenSSL with shared and custom install location

cd openssl-1.0.1m
echo "./config fips --openssldir=/usr/local/openssl-100 --with-fipslibdir=/usr/local/ssl/fips-2.0/lib"
./config fips shared --openssldir=/usr/local/openssl-100 --with-fipslibdir=/usr/local/ssl/fips-2.0/lib/

* Stunnel with FIPS (autodetect is working, I just added it to force it)

cd stunnel-5.09
echo "make clean"
make clean
echo "./configure --with-ssl=/usr/local/openssl-100 --disable-libwrap --enable-fips"
./configure --with-ssl=/usr/local/openssl-100 --disable-libwrap --enable-fips

You can see that my custom OpenSSL is reporting that it is built with -fips:

root at host:/var/tmp# /usr/local/openssl-100/bin/openssl version
OpenSSL 1.0.1m-fips 19 Mar 2015

But when I'm done with all the compile options -- I only see the base version of OpenSSL 1.0.1m, and this same script with Stunnel 4.53 shows OpenSSL 1.0.1m-fips.
Is there something I am missing during the configure for Stunnel that is causing it to NOT see openssl is compiled with FIPS?

root at host:/var/tmp# stunnel -version
stunnel 5.09 on x86_64-unknown-linux-gnu platform
Compiled with OpenSSL 1.0.1m 19 Mar 2015
Running  with OpenSSL 1.0.1 14 Mar 2012
Update OpenSSL shared libraries or rebuild stunnel
Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
 
Global options:
debug                  = daemon.notice
RNDbytes               = 64
RNDfile                = /dev/urandom
RNDoverwrite           = yes
 
Service-level options:
ciphers                = FIPS (with "fips = yes")
ciphers                = HIGH:MEDIUM:+3DES:+DH:!aNULL:!SSLv2 (with "fips = no")
curve                  = prime256v1
options                = NO_SSLv2
options                = NO_SSLv3
sessionCacheSize       = 1000
sessionCacheTimeout    = 300 seconds
stack                  = 65536 bytes
TIMEOUTbusy            = 300 seconds
TIMEOUTclose           = 60 seconds
TIMEOUTconnect         = 10 seconds
TIMEOUTidle            = 43200 seconds
verify                 = none 		 	   		  
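
The version output quoted in the post reports different OpenSSL strings on its "Compiled with" and "Running with" lines. The following is an added example, not part of the original post, that classifies those two lines; the function names and verdict labels are assumptions, the first sample is copied from the post and the second is constructed.

```shell
#!/bin/sh
# Added example: classify the OpenSSL lines of `stunnel -version` output.
# Reads the output on stdin and prints the findings, then both versions:
#   MISMATCH          build-time and runtime OpenSSL versions differ
#   BUILD_NOT_FIPS    the build-time version string has no "-fips" suffix
#   RUNTIME_NOT_FIPS  the runtime library version has no "-fips" suffix
#   OK                none of the above
#   UNKNOWN           the two expected lines were not found
check_stunnel_openssl() {
    awk '
        /Compiled with OpenSSL/ { built = $4 }
        /Running +with OpenSSL/ { run = $4 }
        END {
            if (built == "" || run == "") { print "UNKNOWN"; exit }
            out = ""
            if (built != run)      out = out " MISMATCH"
            if (built !~ /-fips$/) out = out " BUILD_NOT_FIPS"
            if (run !~ /-fips$/)   out = out " RUNTIME_NOT_FIPS"
            if (out == "")         out = " OK"
            print substr(out, 2) " built=" built " runtime=" run
        }'
}

# Sample 1: the three relevant lines as quoted in the post.
sample_from_post() {
    cat <<'EOF'
stunnel 5.09 on x86_64-unknown-linux-gnu platform
Compiled with OpenSSL 1.0.1m 19 Mar 2015
Running  with OpenSSL 1.0.1 14 Mar 2012
EOF
}

# Sample 2: constructed for this example (not taken from the post).
sample_constructed_ok() {
    cat <<'EOF'
stunnel 5.09 on x86_64-unknown-linux-gnu platform
Compiled with OpenSSL 1.0.1m-fips 19 Mar 2015
Running  with OpenSSL 1.0.1m-fips 19 Mar 2015
EOF
}

sample_from_post | check_stunnel_openssl
sample_constructed_ok | check_stunnel_openssl
```

To check a live install, pipe both output streams into the function: stunnel -version 2>&1 | check_stunnel_openssl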