[stunnel-users] FIPS enablement

• Previous message (by thread): [stunnel-users] FIPS enablement
• Next message (by thread): [stunnel-users] FIPS enablement
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Yes, from INSTALL.FIPS in the stunnel tarball

stunnel FIPS install notes


Unix HOWTO:
FIPS mode is autodetected if possible.  You can force it with:
  ./configure --enable-fips
or disable with:
  ./configure --disable-fips

WIN32 HOWTO:
* On 32-bit Windows install one of the following compilers:
  - MSVC 8.0 (VS 2005) Standard or Professional Edition
  - MSVC 9.0 (VS 2008) any edition including Express Edition
* On 64-bit Windows install one of the following compilers:
  - MSVC 8.0 (VS 2005) Standard or Professional Edition
  - MSVC 9.0 (VS 2008) Standard or Professional Edition
* Build FIPS-compliant OpenSSL DLLS according to:
  http://www.openssl.org/docs/fips/UserGuide-1.2.pdf
* Build stunnel normally with MSVC or Mingw.
  Mingw build requires DLL stubs.  Stubs can be built with:
  dlltool --def ms/libeay32.def --output-lib libcrypto.a
  dlltool --def ms/ssleay32.def --output-lib libssl.a




On Mon, Nov 5, 2012 at 4:18 PM, Michael Curran <mike_curran at hotmail.com>wrote:

>  Hello
>
>   I think there is a bit of confusion within my company on what stunnel
> can do in regards to FIPS 140-2 out of the box. I know there are
> configuration options that can enable or disable FIPS 140-2 mode, but as
> the man page indicates
>
> *fips = yes | no* Enable or disable FIPS 140-2 mode.
> This option allows to disable entering FIPS mode if stunnel was compiled
> with FIPS 140-2 support.
> default: yes
> Which to me says I have to compile stunnel on my own using openssl with
> fips libraries to build a Stunnel binary that can support FIPS 140-2
> compliance -- if I download just the windows or unix binaries and install
> them -- then I am not going to be 140-2 compliant where I set the config
> file to yes or no , since the FIPS modules wont be compiled into the binary.
>
>
> I'm just looking for confirmation before I take this back to the rest of
> my group.
>
>
>
> Thanks!!
>
>
> Michael Curran
>
>
>
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20121105/d7264654/attachment.html>

• Previous message (by thread): [stunnel-users] FIPS enablement
• Next message (by thread): [stunnel-users] FIPS enablement
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]