[stunnel-users] stunnel FIPS mode 140-2/ Other Modes

• Previous message (by thread): [stunnel-users] "Broken pipe" issue
• Next message (by thread): [stunnel-users] Sending Email from PLC Without Authentication with gmail
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi All,

I would like to ask a question about stunnel fips mode. There are lots of
question and answers on the internet related with this, but I could not
find any answer related with mine.
I am compiling with openssl (auto detecting fips) . Here is a part of
confgiure output :

checking for FIPS_mode_set... yes
configure: FIPS mode detected

So I am thinking that fips also is being included.
Then I try to run stunnel on target platform (in stunnel.conf fips=yes)
and it gives below error :

Compiled/running with OpenSSL 0.9.8w-fips 23 Apr 2012
Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS
Reading configuration from file stunnel.conf
FIPS_mode_set: 2D06906E: error:2D06906E:FIPS
routines:FIPS_CHECK_INCORE_FINGERPRINT:fingerprint does not match

there are lots of information about this errror on internet.
Then when I configure stunnel.conf with fips=no, stunnel is running
successfully.

I know that fips=yes means that enables FIPS 140-2 mode and I guess my fips
canister does not supoort fips 140-2 mode (I do not know which fips mode it
has supported).
Now my question is coming :

When I set fips=no, stunnel also starts with other available fips modes
which the canister included?
Or it skips running fips mode completely?

Plase inform me if anyone has any idea?

Regards
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20130624/29d81408/attachment.html>

• Previous message (by thread): [stunnel-users] "Broken pipe" issue
• Next message (by thread): [stunnel-users] Sending Email from PLC Without Authentication with gmail
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]