httpd-dev mailing list archives

From Dr Stephen Henson <shen...@oss-institute.org>
Subject Re: Succeed compilation with FIPS
Date Sat, 04 Jun 2011 10:58:17 GMT
On 03/06/2011 15:51, Petr Hracek wrote:
> Dear developers,
> 
> I have tried to find out on the web what the correct way is
> to compile http2 so that it will be compliant with FIPS 140-2.
> 
> I have already built the OpenSSL libraries with FIPS, and the development
> files as well.
> I have tried to run ./configure --with-ssl=<path_to_openSSL_FIPS_libraries>
> and it seems to be good, but how can I call make?
> 
> like: make CC=fipsld FIPSLD_CC=gcc ?
> 

If you are linking to the OpenSSL shared libraries you don't need to do anything
special at all. It is only if you do a static build that you need to use the
fipsld script.

You can test the build by enabling FIPS mode in the configuration file: the log
file should confirm it is in FIPS mode. In that mode you shouldn't be able to
connect with a non-FIPS ciphersuite such as one including RC4.

Note that just compiling and enabling FIPS mode doesn't guarantee compliance:
you also need to adhere to the requirements of the security policy.

Steve.
-- 
Dr Stephen N. Henson. Senior Technical/Cryptography Advisor,
Open Source Software Institute: www.oss-institute.org
OpenSSL Core team: www.openssl.org
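
The checks described in the reply above (shared versus static linkage, the log confirming FIPS mode, and an RC4 handshake being refused), written as shell functions. This is an added example, not part of the original message; the log message pattern, the sample `ldd` and log lines, and the `host:port` argument are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample inputs (not from the original message).
SAMPLE_LDD_SHARED='	libssl.so.1.0.0 => /opt/fips/lib/libssl.so.1.0.0 (0x00007f0000200000)
	libcrypto.so.1.0.0 => /opt/fips/lib/libcrypto.so.1.0.0 (0x00007f0000600000)
	libc.so.6 => /lib/libc.so.6 (0x00007f0000a00000)'
SAMPLE_LDD_STATIC='	libdl.so.2 => /lib/libdl.so.2 (0x00007f0000200000)
	libc.so.6 => /lib/libc.so.6 (0x00007f0000a00000)'
SAMPLE_LOG='[Sat Jun 04 11:00:00 2011] [notice] Operating in SSL FIPS mode'

# 1. stdin: `ldd` output for mod_ssl.so (or httpd when mod_ssl is built in).
#    "shared": plain `make` suffices. "static": the fipsld link step applies.
ssl_linkage() {
    if grep -Eq 'lib(ssl|crypto)\.so'; then echo shared; else echo static; fi
}

# 2. stdin: error log. Succeeds only if FIPS mode was reported at startup.
#    The message wording is an assumption; adapt the pattern to your log.
fips_mode_logged() {
    grep -Eiq 'operating in (ssl )?fips mode'
}

# 3. $1 = host:port. Prints one of:
#    refused     RC4 handshake failed, as expected in FIPS mode
#    accepted    RC4 handshake succeeded, FIPS mode is not in effect
#    untestable  the local openssl has no RC4 suite to offer
#    unreachable even a default handshake failed, so nothing is proven
rc4_probe() {
    openssl ciphers RC4-SHA >/dev/null 2>&1 || { echo untestable; return 0; }
    openssl s_client -connect "$1" </dev/null >/dev/null 2>&1 ||
        { echo unreachable; return 0; }
    if openssl s_client -connect "$1" -cipher RC4-SHA </dev/null >/dev/null 2>&1
    then echo accepted
    else echo refused
    fi
}
```

The `untestable` and `unreachable` results matter because a failed RC4 handshake only confirms FIPS mode when the client could actually offer RC4 and the server was otherwise reachable.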
