tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: FIPS mode OpenSSL under Tomcat 6.0
Date Thu, 13 Jan 2011 19:39:08 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chris,

On 1/13/2011 11:45 AM, Chris Beckey wrote:
> Unfortunately this is a non-negotiable issue with the client, I have to run
> in FIPS mode.

Gotcha. Can you run in JSSE FIPS mode until Tomcat supports the
configuration directly?

> Yes, I would be willing to test the addition of a FIPS mode switch to
> Tomcat.

Great. Add yourself to the CC list of the bugzilla enhancement I added
so you can get updates.

> The other option is for myself to make the change.  It has been a
> while since I touched JNI so it would probably be much faster for you to
> make the change.

Heh... you are under the mistaken impression that I'm a great JNI
master. Seriously, though, it ought to be pretty simple: add a flag for
FIPS mode, then make sure the SSLContext knows about it.

> What I found on running JSSE are the following links:

According to markt, JSSE FIPS mode can be configured independently of
Tomcat, so there's nothing in the Tomcat configuration that needs
improvement for that. Only using APR FIPS mode will require such
changes. Please confirm that via comment in bugzilla.

Thanks,
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk0vVNwACgkQ9CaO5/Lv0PBN3QCgoLWTTfG/Vnw6C4COQ4RXo0zO
LzEAnRHUYnOu86OpiA+cGbvhZLkJqoE8
=sAFz
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message