Return-Path: X-Original-To: apmail-httpd-dev-archive@www.apache.org Delivered-To: apmail-httpd-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 658F64605 for ; Sat, 4 Jun 2011 10:58:50 +0000 (UTC) Received: (qmail 88952 invoked by uid 500); 4 Jun 2011 10:58:49 -0000 Delivered-To: apmail-httpd-dev-archive@httpd.apache.org Received: (qmail 88880 invoked by uid 500); 4 Jun 2011 10:58:48 -0000 Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: dev@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list dev@httpd.apache.org Received: (qmail 88872 invoked by uid 99); 4 Jun 2011 10:58:48 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 04 Jun 2011 10:58:48 +0000 X-ASF-Spam-Status: No, hits=0.0 required=5.0 tests=SPF_HELO_PASS,SPF_PASS,T_HK_NAME_DR X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of shenson@oss-institute.org designates 67.18.157.234 as permitted sender) Received: from [67.18.157.234] (HELO ns1.oss-institute.org) (67.18.157.234) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 04 Jun 2011 10:58:42 +0000 Received: from drh-consultancy.demon.co.uk ([80.177.30.10] helo=[192.168.7.8]) by ns1.oss-institute.org with esmtpsa (TLSv1:AES256-SHA:256) (Exim 4.69) (envelope-from ) id 1QSoYY-0002kN-Jc for dev@httpd.apache.org; Sat, 04 Jun 2011 05:58:15 -0500 Message-ID: <4DEA0FC9.6010503@oss-institute.org> Date: Sat, 04 Jun 2011 11:58:17 +0100 From: Dr Stephen Henson User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.2.17) Gecko/20110414 Thunderbird/3.1.10 MIME-Version: 1.0 To: dev@httpd.apache.org Subject: Re: Succeed compilation with FIPS References: In-Reply-To: X-Enigmail-Version: 1.1.1 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - ns1.oss-institute.org X-AntiAbuse: Original Domain - httpd.apache.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - oss-institute.org X-Source: X-Source-Args: X-Source-Dir: X-Virus-Checked: Checked by ClamAV on apache.org On 03/06/2011 15:51, Petr Hracek wrote: > Dear developers, > > I have tried to find out on the web what is the correct way > how to compile http2 so that it will be compliance with FIPS 140-2. > > I have already build up OpenSSL libraries with FIPS and development > files as well. > I have try to run ./configure --with-ssl= > and it seems to be good but how can I call make? > > like: make CC=fipsld FIPSLD_CC=gcc ? > If you are linking to the OpenSSL shared libraries you don't need to do anything special at all. It is only if you do a static build that you need to use the fipsld script. You can test the build by enabling FIPS mode in the configuration file: the log file should confirm it is in FIPS mode. In that mode you shouldn't be able to connect with a non-FIPS ciphersuite such as one including RC4. Note that just compiling and enabling FIPS mode doesn't guarantee compliance: you also need to adhere to the requirements of the security policy. Steve. -- Dr Stephen N. Henson. Senior Technical/Cryptography Advisor, Open Source Software Institute: www.oss-institute.org OpenSSL Core team: www.openssl.org