httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe Jr." <wr...@rowe-clan.net>
Subject Re: [users@httpd] FIPS 140_2 compliant for mod_proxy?
Date Wed, 03 Mar 2010 17:11:14 GMT
On 3/3/2010 8:34 AM, Mike Trent wrote:
> 
> Unfortunatley restricting the algorithms to FIPS compliant algorithms in the
> apache configs is not good enough to claim FIPS 140-2 compliance. The
> openSSL library 'must' be running in FIPS mode. It is a requirement of FIPS
> 140-2 that the module doing the cryptographic functions is a FIPS
> 'validated' module. When in FIPS mode SSL will automatically restrict the
> algorithms.  Perhaps I need to post this on the openSSL forum instead.

It does more than that.  It invokes validated implementations of those specific
algorithms, not the optimized but not FIPS approved implementations that are used
by openssl by default.

Bring it to the attention of dev@, or more specifically, raise an issue on the
httpd bugzilla against 2.2.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message