Re: Is Apache2.2 FIPS compliant?

Victor Trac wrote:
> On Jan 12, 2008 3:34 PM, robingandhi21 <robingandhi21@xxxxxxxxx> wrote:
>> Please let me know if anybody has any idea of Apache2.2 being FIPS
>> compliant?

> FIPS deals with encryption standards, not http service.  Certain
> versions of OpenSSL are FIPS compliant, so as long as you use a
> certified version of OpenSSL in Apache, I suppose you are compliant.

That's not completely true.

There is some requirement that the apps that use the cryptographic
modules use them in "the right way".  So it's not just a matter of
slapping a certified OpenSSL in there.  Alas, I don't know specifics of
what "the right way" consists of...the office of our security-focused
guy that really knows this stuff shares a wall with mine, but it's not
me, so I'm not up on all the specifics.
-- 
Jeff McAdams
"They that can give up essential liberty to obtain a
little temporary safety deserve neither liberty nor safety."
                                       -- Benjamin Franklin
