httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: [users@httpd] How to build Apache with FIPS mode capable?
Date Tue, 09 Feb 2016 22:59:22 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Rich,

On 2/9/16 4:09 PM, cloud force wrote:
> Yes I do have* *some regulatory requirement to use FIPS and I have
> built the FIPS capable OpenSSL lib.

Where is that library located on the disk?

> I tried to add the "SSLFIPS on" parameter to the httpd.conf config
> file as suggested in the ssl_mod manual page, but the httpd failed
> to start with errors which seemed to due to the fact that my apache
> server was not compiled against an SSL library which support the
> FIPS_mode flag.

Maybe you are getting the system-provided OpenSSL library and not the
one you custom-built.

> I need helps with guidance of how to compile apache server with
> FIPS capable OpenSSL lib so that the Apache server can be operating
> under the OpenSSL FIPS mode.

Recompiling httpd is never needed to switch-out a shared library. You
just need to fix the way the OS loads things.

What OS? What version of that OS? Architecture, etc.?
How did you install httpd?
How did you install OpenSSL (originally)?
Did you build the FIPS-capable OpenSSL library yourself or did you get
it from some other source?
Where is the FIPS-capable OpenSSL library on the disk?
How do you launch httpd?

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAla6b0oACgkQ9CaO5/Lv0PD3wACfWaxX8PA8dhUajcJiHoar12ck
1NoAniETHeQizkhiRLtie+M2RCxuKFAz
=HJr7
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message