[stunnel-users] FIPS enablement

Michal Trojnara Michal.Trojnara at mirt.net
Mon Nov 5 22:34:48 CET 2012

On 2012-11-05 22:18, Michael Curran wrote:
\> **fips* = yes | no*
>     Enable or disable FIPS 140-2 mode.
>     This option allows to disable entering FIPS mode if stunnel was
>     compiled with FIPS 140-2 support.
>     default: yes
> Which to me says I have to compile stunnel on my own using openssl with
> fips libraries to build a Stunnel binary that can support FIPS 140-2
> compliance -- if I download just the windows or unix binaries and
> install them -- then I am not going to be 140-2 compliant where I set
> the config file to yes or no , since the FIPS modules wont be compiled
> into the binary.

My Windows binary is built to meet requirements of the OpenSSL FIPS
security policy.  AFAIK some other vendors also build with their binary
distributions of stunnel with FIPS mode enabled.

BTW: "fips" option is only available when stunnel is built with FIPS
support.  FIPS mode is also clearly logged on startup.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: OpenPGP digital signature
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20121105/7067dcd0/attachment.sig>

More information about the stunnel-users mailing list