[stunnel-users] FIPS mode not supported

mlrx stunnel.org at 18informatique.com
Mon Mar 4 17:15:30 CET 2019


On 04/03/2019 at 16:14, Yan Renelt wrote:
> Hi,
Hi,

> my config is
> cert = stunnel.pem
> socket = l:TCP_NODELAY=1
> socket = r:TCP_NODELAY=1
> debug = 7
> 
> fips = yes
> 
> [Demo-Trading]
> client = yes
> accept = 127.0.0.1:40001
> connect = fix-order.london-demo.lmax.com:443
> sslVersion = TLSv1
Why do you use this one?
Isn't it better to use TLSv1.2 min.?

> options = NO_SSLv2
> options = NO_SSLv3
> 
> [Demo – Market Data]
> client = yes
> accept = 127.0.0.1:40003
> connect = fix-marketdata.london-demo.lmax.com:443
> sslVersion = TLSv1
> options = NO_SSLv2
> options = NO_SSLv3
> 
> 
> and I am still receiving this error.
> 
> FIPS_mode_set: F06D065: error:0F06D065:common libcrypto routines:FIPS_mode_set:fips mode not supported
> 
> Any suggestions? Fips = no is not an option for me.
> 
> 
> Thanks
> 
> Yan

Which OS?
Do you use `debug = 7`? Any information in there?
On OpenBSD (for example), `rcctl -d start stunnel` could give you
some useful information.

Here is a sample of mine (client = no):
debug = 7
output = stunnel.log
sslVersion = TLSv1.2
options = CIPHER_SERVER_PREFERENCE
ciphers = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384
curve = secp384r1


Regards,
-- 
mlrx
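
Added example, not part of the original message or of stunnel itself: a small Python check that parses a stunnel.conf like the one quoted above and reports every section whose sslVersion is pinned below TLSv1.2, the minimum suggested in the reply. The sample config is constructed; the [Hardened] service, the example.invalid host and the function names are assumptions.

```python
import re

# Constructed sample: [Demo-Trading] mirrors the config quoted in the thread;
# [Hardened] and its example.invalid host are made up for contrast.
SAMPLE = """\
cert = stunnel.pem
fips = yes

[Demo-Trading]
connect = fix-order.london-demo.lmax.com:443
sslVersion = TLSv1
options = NO_SSLv2
options = NO_SSLv3

[Hardened]
connect = example.invalid:443
sslVersion = TLSv1.2
"""

# sslVersion values ranked oldest to newest
RANK = {"sslv2": 0, "sslv3": 1, "tlsv1": 2, "tlsv1.1": 3, "tlsv1.2": 4, "tlsv1.3": 5}

def parse(text):
    """Return {section: [(key, value), ...]}; repeated keys (options, socket) are kept."""
    sections, current = {"(global)": []}, "(global)"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current].append((key.lower(), value))
    return sections

def audit(text, minimum="TLSv1.2"):
    """List (section, value) for every sslVersion pinned below the minimum."""
    findings = []
    for name, options in parse(text).items():
        for key, value in options:
            rank = RANK.get(value.lower()) if key == "sslversion" else None
            if rank is not None and rank < RANK[minimum.lower()]:
                findings.append((name, value))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Values outside the ranking table, such as `all`, are skipped rather than flagged.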