httpd-dev mailing list archives

From: "William A. Rowe, Jr."
Subject: Re: OpenSSL FIPS status
Date: Mon, 05 Mar 2007 18:35:17 GMT

Jason Jones wrote:
> Can I ask what the status is on utilizing OpenSSL's FIPS mode with
> mod_ssl?

No news from me yet - I've just finished helping migrate mod_ftp out
of incubation into httpd project, and have one more critical patch to
bring it into the 21.1'nd century (EPSV/EPRT implementations).  And
I had also just finished the non-ASF release of current mod_aspdotnet
code, removing the final nail from that coffin.

Ben and I started this, Ben committed the original code around the
planned design of openssl/fips 1.0.0.  From the actual 1.0.0 release
through today, that design evolved.  In the meantime, I have a whole
lot of private hackery in my trees based on commercial FIPS support,
which I'll re-port and bring out during March.  Then the list is likely
to debate the wisdom of supporting MD5 (a dis-approved hash) throughout
the code.  Perhaps even revisit where SHA1's eventual demise (2009?)
should be preemptively replaced by SHA2 strength hashes.

It took several years for openssl to get where it is, I hope it isn't
years for us to rigorously follow the Security Policy, but it's not an
overnight sort of thing.

