[stunnel-users] Compiling with ./configure --enable-fips option

Lewis, Joseph E Sr Mr CTR USA USA joe.lewissr at us.army.mil
Wed Jan 26 15:18:08 CET 2011

I am having a problem compiling with FIPS mode enabled. The default is supposed to be FIPS enabled, but when the configure runs with no options it states that FIPS is not enabled and the make runs successfully. When I use the --enable-fips option, the configure runs just fine but the make fails with:
In file included from common.h:374,
                 from file.c:38:
/usr/include/openssl/fips.h:69:2: error: #error FIPS is disabled.
make: 1254-004 The error code from the last command is 1.

make: 1254-004 The error code from the last command is 1.

IBM support assures me that FIPS is enabled. At this point I am stuck and do not know what to do next. Can anyone offer any suggestions? My system, oslevel, ssl level, etc… are as follows: 

$  uname -a
AIX velssi02 3 5 00C866124C00

$ oslevel -s
AIX   5300-12-02-1036

$ lslpp -l | grep libc
  bos.rte.libc      COMMITTED  libc Library
  bos.rte.libcfg    COMMITTED  libcfg Library
  bos.rte.libcur    COMMITTED  libcurses Library

$  gcc -v
Using built-in specs.
Target: powerpc-ibm-aix5.3.0.0
Configured with: ../configure --with-as=/usr/bin/as --with-ld=/usr/bin/ld --enable-languages=c,c++,java --prefix=/opt/freeware --enable-threads --enable-version-specific-runtime-libs --host=powerpc-ibm-aix5.3.0.0 --target=powerpc-ibm-aix5.3.0.0 --build=powerpc-ibm-aix5.3.0.0 --disable-libjava-multilib
Thread model: aix
gcc version 4.2.0

$ ssh -V
OpenSSH_5.2p1, OpenSSL 0.9.8k-fips 25 Mar 2009


$ /usr/local/bin/stunnel/stunnel -version
stunnel 4.32 on powerpc-ibm-aix5.3.0.0 with OpenSSL 0.9.8k-fips 25 Mar 2009

Global options
debug           = daemon.notice
pid             = /usr/local/var/run/stunnel/stunnel.pid
RNDbytes        = 64
RNDfile         = /dev/urandom
RNDoverwrite    = yes

Service-level options
cert            = /usr/local/etc/stunnel/stunnel.pem
ciphers         = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH
session         = 300 seconds
stack           = 65536 bytes
sslVersion      = SSLv3 for client, all for server
TIMEOUTbusy     = 300 seconds
TIMEOUTclose    = 60 seconds
TIMEOUTconnect  = 10 seconds
TIMEOUTidle     = 43200 seconds
verify          = none
