[stunnel-users] FIPS enablement

Michael Curran mike_curran at hotmail.com
Mon Nov 5 22:18:49 CET 2012


  I think there is a bit of confusion within my company on what stunnel can do in regards to FIPS 140-2 out of the box. I know there are configuration options that can enable or disable FIPS 140-2 mode, but as the man page indicates

fips = yes | no
Enable or disable FIPS 140-2 mode.
This option allows to disable entering FIPS mode if stunnel was compiled with
FIPS 140-2 support.
default: yesWhich to me says I have to compile stunnel on my own using openssl with fips libraries to build a Stunnel binary that can support FIPS 140-2 compliance -- if I download just the windows or unix binaries and install them -- then I am not going to be 140-2 compliant where I set the config file to yes or no , since the FIPS modules wont be compiled into the binary.
I'm just looking for confirmation before I take this back to the rest of my group. 

Michael Curran

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20121105/e89a5c40/attachment.html>

More information about the stunnel-users mailing list