|
Thanks, but I do NOT think that just building apache with with a fips openssl is enough. I think the module (mod_ssl?) must use the FIPS 140-2 mode... it is an option... Anyone else actually know how to certify that apache and ssl are FIPS 140-2 certified? Sam > Date: Tue, 19 May 2009 08:30:16 +0200 > From: uhlar@xxxxxxxxxxx > To: users@xxxxxxxxxxxxxxxx > Subject: Re: [users@httpd] Where is the HOW-TO for creating a FIPS 140-2 Apache 2.2.x ? > > On 15.05.09 09:13, Sam theman wrote: > > I can install the openssl FIP version, but how do you config apache and > > mod_ssl to build and use FIPS ? > > I think that only including FIPS ciphers should be enough. > However the only list I found on > http://www.mozilla.org/projects/security/pki/nss/ssl/fips-ssl-ciphersuites.html > is documented to be obsolete... > > -- > Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ > Warning: I wish NOT to receive e-mail advertising to this address. > Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. > Chernobyl was an Windows 95 beta test site. > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > Hotmail® has a new way to see what's up with your friends. Check it out. |
|