configure FIPS for openssl/stunnel in compile or run time?

Discussion in 'Linux Networking' started by Zhang Weiwu, Dec 18, 2013.

  1. Zhang Weiwu

    Hello. Recently had a failure running binary distribution of stunnel on
    OpenSUSE 13.1, error was "FIPS mode not set". I can see 5 possibilities:

    1. FIPS is set before compiling stunnel.
    2. FIPS is set in run time for stunnel.
    3. FIPS is set before compiling openssl.
    4. FIPS is set in run time for openssl.
    5. FIPS is an OS thing, had to get enterprise edition of SUSE to use it,
    or getting yourself a version of stunnel without it.

    There is no clue which one is true, and trial and error would take a whole
    afternoon for my level. Kindly let me know how you handle the case.

    Here is the background information:

    --------------------------------

    The error is produced even with a blank configuration file (not specifying
    any section in [xxx] format):

    cat /var/log/rc.stunnel.log

    Clients allowed=500
    stunnel 4.56 on x86_64-suse-linux-gnu platform
    Compiled/running with OpenSSL 1.0.1e 11 Feb 2013
    Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP
    Reading configuration from file /etc/stunnel/stunnel.conf
    FIPS_mode_set: F06D065: error:0F06D065:common libcrypto routines:FIPS_mode_set:fips mode not supported
    Global options: Failed to initialize SSL
    str_stats: 5 block(s), 87 data byte(s), 290 control byte(s)

    -----------------------------------

    stunnel version:

    ~> zypper se -is stunnel
    Loading repository data...
    Reading installed packages...

    S | Name | Type | Version | Arch | Repository
    --+---------+---------+----------+--------+------------------
    i | stunnel | package | 4.56-1.1 | x86_64 | security: stunnel
     
    Zhang Weiwu, Dec 18, 2013