diff --git a/wolfProvider/stunnel/README.md b/wolfProvider/stunnel/README.md
index 29615a5d..f0300c12 100644
--- a/wolfProvider/stunnel/README.md
+++ b/wolfProvider/stunnel/README.md
@@ -1,6 +1,10 @@
+For version 5.67 testing with WPFF support, use the patch `stunnel-WPFF-5.67-wolfprov.patch`
 This patch adds support for testing stunnel with `WOLFPROV_FORCE_FAIL=1` environment variable, which is used to simulate provider failures during testing. It is only needed if you are testing wolfProvider with `WOLFPROV_FORCE_FAIL=1`. The patch includes modifications to certificate generation and session resumption tests to properly handle this test mode.
+
+For version 5.67 testing with FIPS support, use the patch `stunnel-FIPS-5.67-wolfprov.patch`
+Note: use either the WPFF or FIPS patch not both.
diff --git a/wolfProvider/stunnel/stunnel-FIPS-5.67-wolfprov.patch b/wolfProvider/stunnel/stunnel-FIPS-5.67-wolfprov.patch
new file mode 100644
index 00000000..d17ad6ef
--- /dev/null
+++ b/wolfProvider/stunnel/stunnel-FIPS-5.67-wolfprov.patch
@@ -0,0 +1,129 @@
+diff --git a/tests/certs/maketestcert.sh b/tests/certs/maketestcert.sh
+index 3c4f8b5..f53cfda 100755
+--- a/tests/certs/maketestcert.sh
++++ b/tests/certs/maketestcert.sh
+@@ -7,6 +7,17 @@ cd $(dirname "$0")
+ script_path=$(pwd)
+ cd "${result_path}"
++# Set wolfProvider paths with dynamic user detection
++CURRENT_USER=$(whoami)
++WOLFPROV_PATH="/home/${CURRENT_USER}/wolfProvider/wolfprov-install"
++WOLFPROV_LIB="$WOLFPROV_PATH/lib"
++OPENSSL_PATH="/home/${CURRENT_USER}/wolfProvider/openssl-install"
++
++# Set environment variables
++export LD_LIBRARY_PATH="$WOLFPROV_LIB:$OPENSSL_PATH/lib64:$LD_LIBRARY_PATH"
++export OPENSSL_CONF="/home/${CURRENT_USER}/wolfProvider/provider-fips.conf"
++export OPENSSL_MODULES="$WOLFPROV_LIB"
++
+ mkdir "tmp/"
+ 
+ # create new psk secrets
+@@ -30,8 +41,7 @@ gen_psk 2
+ 
+ # OpenSSL settings
+ TEMP_LD_LIBRARY_PATH=$LD_LIBRARY_PATH
+-LD_LIBRARY_PATH=""
+-OPENSSL=openssl
++OPENSSL="$OPENSSL_PATH/bin/openssl"
+ CONF="${script_path}/openssltest.cnf"
+ 
+ mkdir "demoCA/"
+@@ -40,57 +50,57 @@ touch "demoCA/index.txt.attr"
+ echo 1000 > "demoCA/serial"
+ 
+ # generate a self-signed certificate
+-$OPENSSL req -config $CONF -new -x509 -days $ddays -keyout tmp/stunnel.pem -out tmp/stunnel.pem \
++$OPENSSL req -provider-path $WOLFPROV_LIB -provider libwolfprov -config $CONF -new -x509 -days $ddays -keyout tmp/stunnel.pem -out tmp/stunnel.pem \
+ -subj "/C=PL/ST=Mazovia Province/L=Warsaw/O=Stunnel Developers/OU=Provisional CA/CN=localhost/emailAddress=stunnel@example.com" \
+ 1>&2 2>> "maketestcert.log"
+ 
+ # generate root CA certificate
+-$OPENSSL genrsa -out demoCA/CA.key 1>&2 2>> "maketestcert.log"
+-$OPENSSL req -config $CONF -new -x509 -days $ddays -key demoCA/CA.key -out tmp/CACert.pem \
++$OPENSSL genpkey -provider-path $WOLFPROV_LIB -provider libwolfprov -algorithm RSA -out demoCA/CA.key -pkeyopt rsa_keygen_bits:2048 1>&2 2>> "maketestcert.log"
++$OPENSSL req -provider-path $WOLFPROV_LIB -provider libwolfprov -config $CONF -new -x509 -days $ddays -key demoCA/CA.key -out tmp/CACert.pem \
+ -subj "/C=PL/O=Stunnel Developers/OU=Root CA/CN=CA/emailAddress=CA@example.com" \
+ 1>&2 2>> "maketestcert.log"
+ 
+ # generate a certificate to revoke
+-$OPENSSL genrsa -out demoCA/revoked.key 1>&2 2>> "maketestcert.log"
+-$OPENSSL req -config $CONF -new -key demoCA/revoked.key -out demoCA/revoked.csr \
++$OPENSSL genpkey -provider-path $WOLFPROV_LIB -provider libwolfprov -algorithm RSA -out demoCA/revoked.key -pkeyopt rsa_keygen_bits:2048 1>&2 2>> "maketestcert.log"
++$OPENSSL req -provider-path $WOLFPROV_LIB -provider libwolfprov -config $CONF -new -key demoCA/revoked.key -out demoCA/revoked.csr \
+ -subj "/C=PL/O=Stunnel Developers/OU=revoked/CN=revoked/emailAddress=revoked@example.com" \
+ 1>&2 2>> "maketestcert.log"
+ 
+-$OPENSSL ca -config $CONF -batch -days $ddays -in demoCA/revoked.csr -out demoCA/revoked.cer 1>&2 2>> "maketestcert.log"
++$OPENSSL ca -provider-path $WOLFPROV_LIB -provider libwolfprov -config $CONF -batch -days $ddays -in demoCA/revoked.csr -out demoCA/revoked.cer 1>&2 2>> "maketestcert.log"
+ 
+-$OPENSSL x509 -in demoCA/revoked.cer -out tmp/revoked_cert.pem 1>&2 2>> "maketestcert.log"
++$OPENSSL x509 -provider-path $WOLFPROV_LIB -provider libwolfprov -in demoCA/revoked.cer -out tmp/revoked_cert.pem 1>&2 2>> "maketestcert.log"
+ cat demoCA/revoked.key >> tmp/revoked_cert.pem 2>> "maketestcert.log"
+ 
+ # revoke above certificate and generate CRL file
+-$OPENSSL ca -config $CONF -revoke demoCA/1000.pem 1>&2 2>> "maketestcert.log"
+-$OPENSSL ca -config $CONF -gencrl -crldays $ddays -out tmp/CACertCRL.pem 1>&2 2>> "maketestcert.log"
++$OPENSSL ca -provider-path $WOLFPROV_LIB -provider libwolfprov -config $CONF -revoke demoCA/1000.pem 1>&2 2>> "maketestcert.log"
++$OPENSSL ca -provider-path $WOLFPROV_LIB -provider libwolfprov -config $CONF -gencrl -crldays $ddays -out tmp/CACertCRL.pem 1>&2 2>> "maketestcert.log"
+ 
+ # generate a client certificate
+-$OPENSSL genrsa -out demoCA/client.key 1>&2 2>> "maketestcert.log"
+-$OPENSSL req -config $CONF -new -key demoCA/client.key -out demoCA/client.csr \
++$OPENSSL genpkey -provider-path $WOLFPROV_LIB -provider libwolfprov -algorithm RSA -out demoCA/client.key -pkeyopt rsa_keygen_bits:2048 1>&2 2>> "maketestcert.log"
++$OPENSSL req -provider-path $WOLFPROV_LIB -provider libwolfprov -config $CONF -new -key demoCA/client.key -out demoCA/client.csr \
+ -subj "/C=PL/O=Stunnel Developers/OU=client/CN=client/emailAddress=client@example.com" \
+ 1>&2 2>> "maketestcert.log"
+ 
+-$OPENSSL ca -config $CONF -batch -days $ddays -in demoCA/client.csr -out demoCA/client.cer 1>&2 2>> "maketestcert.log"
++$OPENSSL ca -provider-path $WOLFPROV_LIB -provider libwolfprov -config $CONF -batch -days $ddays -in demoCA/client.csr -out demoCA/client.cer 1>&2 2>> "maketestcert.log"
+ 
+-$OPENSSL x509 -in demoCA/client.cer -out tmp/client_cert.pem 1>&2 2>> "maketestcert.log"
++$OPENSSL x509 -provider-path $WOLFPROV_LIB -provider libwolfprov -in demoCA/client.cer -out tmp/client_cert.pem 1>&2 2>> "maketestcert.log"
+ cat tmp/client_cert.pem > tmp/PeerCerts.pem 2>> "maketestcert.log"
+ cat demoCA/client.key >> tmp/client_cert.pem 2>> "maketestcert.log"
+ 
+ # generate a server certificate
+-$OPENSSL genrsa -out demoCA/server.key 1>&2 2>> "maketestcert.log"
+-$OPENSSL req -config $CONF -new -key demoCA/server.key -out demoCA/server.csr \
++$OPENSSL genpkey -provider-path $WOLFPROV_LIB -provider libwolfprov -algorithm RSA -out demoCA/server.key -pkeyopt rsa_keygen_bits:2048 1>&2 2>> "maketestcert.log"
++$OPENSSL req -provider-path $WOLFPROV_LIB -provider libwolfprov -config $CONF -new -key demoCA/server.key -out demoCA/server.csr \
+ -subj "/C=PL/O=Stunnel Developers/OU=server/CN=server/emailAddress=server@example.com" \
+ 1>&2 2>> "maketestcert.log"
+ 
+-$OPENSSL ca -config $CONF -batch -days $ddays -in demoCA/server.csr -out demoCA/server.cer 1>&2 2>> "maketestcert.log"
++$OPENSSL ca -provider-path $WOLFPROV_LIB -provider libwolfprov -config $CONF -batch -days $ddays -in demoCA/server.csr -out demoCA/server.cer 1>&2 2>> "maketestcert.log"
+ 
+-$OPENSSL x509 -in demoCA/server.cer -out tmp/server_cert.pem 1>&2 2>> "maketestcert.log"
++$OPENSSL x509 -provider-path $WOLFPROV_LIB -provider libwolfprov -in demoCA/server.cer -out tmp/server_cert.pem 1>&2 2>> "maketestcert.log"
+ cat tmp/server_cert.pem >> tmp/PeerCerts.pem 2>> "maketestcert.log"
+ cat demoCA/server.key >> tmp/server_cert.pem 2>> "maketestcert.log"
+ 
+ # create a PKCS#12 file with a server certificate
+-$OPENSSL pkcs12 -export -certpbe pbeWithSHA1And3-KeyTripleDES-CBC -in tmp/server_cert.pem -out tmp/server_cert.p12 -passout pass: 1>&2 2>> "maketestcert.log"
++$OPENSSL pkcs12 -provider-path $WOLFPROV_LIB -provider libwolfprov -export -in tmp/server_cert.pem -out tmp/server_cert.p12 -inkey demoCA/server.key -name server -macalg sha1 -keypbe pbeWithSHA1And3-KeyTripleDES-CBC -certpbe pbeWithSHA1And3-KeyTripleDES-CBC -passout pass: 1>&2 2>> "maketestcert.log"
+ 
+ # copy new files
+ if [ -s tmp/stunnel.pem ] && [ -s tmp/CACert.pem ] && [ -s tmp/CACertCRL.pem ] && \
+diff --git a/tests/maketest.py b/tests/maketest.py
+index 8443dbc..19f0bcc 100644
+--- a/tests/maketest.py
++++ b/tests/maketest.py
+@@ -1620,11 +1620,15 @@ def parse_args() -> Config:
+ "(default: INFO)",
+ )
+ args = parser.parse_args()
++ # Detect current user for dynamic paths
++ current_user = os.environ.get("USER", "user")
+ utf8_env = dict(os.environ)
+ utf8_env.update({
+ "LC_ALL": "C.UTF-8",
+ "LANGUAGE": "",
+- "LD_LIBRARY_PATH": args.libs})
++ "LD_LIBRARY_PATH": args.libs,
++ "OPENSSL_CONF": f"/home/{current_user}/wolfProvider/provider-fips.conf",
++ "OPENSSL_MODULES": f"/home/{current_user}/wolfProvider/wolfprov-install/lib"})
+ if not os.path.isdir(args.logs):
+ os.mkdir(args.logs)
+ with os.scandir(args.logs) as entries:
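Review bot: The new `export LD_LIBRARY_PATH="$WOLFPROV_LIB:$OPENSSL_PATH/lib64:$LD_LIBRARY_PATH"` in the maketestcert.sh hunk leaves a trailing colon whenever LD_LIBRARY_PATH was previously unset, and an empty element in that variable makes the dynamic loader also search the current working directory for shared objects; `export LD_LIBRARY_PATH="$WOLFPROV_LIB:$OPENSSL_PATH/lib64${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"` avoids that. The install locations are hard-wired as `/home/${CURRENT_USER}/wolfProvider/...` in the shell and `/home/{current_user}/...` in maketest.py, and the Python side falls back to the literal `"user"` when USER is unset, so a missing variable silently points OPENSSL_CONF and OPENSSL_MODULES at `/home/user/...` instead of failing; `home = os.path.expanduser("~")` in Python and `$HOME` in the shell (or one overridable root variable read by both files) would keep them in agreement and fail loudly. The shell also derives the user from `whoami` while Python reads `USER`, which give different answers under sudo. The pkcs12 step asks for `-macalg sha1` and SHA-1/3DES PBE, which are not FIPS-approved algorithms, so it presumably depends on a non-FIPS provider being loadable even though the patch sets OPENSSL_CONF to provider-fips.conf; a comment on that line stating which provider is expected to service it would save the next reader the same question. The parse_args body in maketest.py continues outside the hunk.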