I have a production system that uses stunnel and it's been working pretty well. Mike, thanks for all your hard work.

But there has been a weird issue that I ran into a while ago and now it's happening again.

We're using a Rackspace Cloud machine to run stunnel and haproxy. We're using the X-Forwarded-For stunnel patch for now, with plans to upgrade to the send-proxy method once haproxy 1.5 is considered the stable branch.

So I built one machine and ran into the "FIPS_mode_set: 2D06C06E: error:2D06C06E:FIPS routines:FIPS_mode_set:fingerprint does not match" error message. So I changed the config to fips=no and stunnel started up, but HTTPS seems really slow (multiple browsers). We run with significant HTTPS volume. So the fips=no option didn't work for us. I kept trying different things but nothing worked. I decided to start clean and built a new machine. This time stunnel didn't throw the FIPS error and everything performed great. So we used the new machine instead.

Now after some time (over a year), we had some performance problems. We rebooted the machine and now we have the FIPS error again. I've tried multiple versions of stunnel (whatever I could find working patches for) and also tried a clean 4.51 with no patches. All of them throw the FIPS error now on this machine. I'm in the process of building a new machine to see if it magically works again.

Any help or insight would be greatly appreciated.

Thanks,
Owen