httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua Slive" <>
Subject Re: [users@httpd] Is Apache2.2 FIPS compliant?
Date Sat, 12 Jan 2008 15:37:48 GMT
On Jan 12, 2008 10:08 AM, Jeff McAdams <> wrote:
> Victor Trac wrote:
> > On Jan 12, 2008 3:34 PM, robingandhi21 <> wrote:
> >> Please let me know if anybody have any idea of Apache2.2 being FIPS
> >> compliant?
> > FIPS deals with encryption standards, not http service.  Certain
> > versions of OpenSSL are FIPS compliant, so as long as you use a
> > certified version of OpenSSL in Apache, I suppose you are compliant.
> That's not completely true.
> There is some requirement that the apps that use the cryptographic
> modules use them in "the right way".  So its not just a matter of
> slapping a certified OpenSSL in there.  Alas, I don't know specifics of
> what "the right way" consists of...the office of our security-focused
> guy that really knows this stuff shares a wall with mine, but its not
> me, so I'm not up on all the specifics.

There were people working on a certified Apache httpd + OpenSSL. I'm
not sure what the result was, but searching the archives of the list for FIPS will surely turn up something


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message