Sunday, September 30, 2012

I'm setting up stunnel and will be enabling x-forwarded-for patch for it to partner with haproxy. However, I'm having an issue in starting up haproxy.
[root@ZAPATUS stunnel]# /etc/init.d/stunnel start
Starting universal SSL tunnel: stunnelClients allowed=500
stunnel 4.53 on i686-pc-linux-gnu platform
Compiled/running with OpenSSL 1.0.1c 10 May 2012
Threading:PTHREAD SSL:+ENGINE+OCSP+FIPS Auth:LIBWRAP Sockets:POLL+IPv6
Reading configuration from file /usr/local/etc/stunnel/stunnel.conf
FIPS_mode_set: F06D065: error:0F06D065:common libcrypto routines:FIPS_mode_set:fips mode not supported
str_stats: 5 block(s), 93 data byte(s), 210 control byte(s)
 failed.
To fix, include fips=no on stunnel.conf. Here is the global portion of my stunnel.conf
sslVersion = all
setuid = stunnel 
setgid = stunnel
pid = /tmp/stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
fips=no 

No comments:

Post a Comment