We have no problem running mod_proxy over SSL (via mod_ssl). It is the FIPS mode that is our problem. There is a patch that turns on FIPS mode in mod_ssl (listed in my last post) We can run apache as a server for HTTPS (SSL) in FIPS mode. However when communicating over HTTPS (SSL) via mod_proxy - mod_ssl is not running FIPS mode. This can be verified by running a line trace and seeing that the TLS handshaking client HELLO packet presents a cipher suite that includes non FIPS compliant algorithms (RC4 for example). While running in server mode (not using mod_proxy) FIPS is enabled properly. This can be seen in the TLS server HELLO which presents only FIPS compliant algorithms such as 3DES. i.e. SSL - as a server -FIPS compliant SSL - as a client via mod_proxy - not FIPS compliant Thanks. -- View this message in context: http://old.nabble.com/FIPS-140_2-compliant-for-mod_proxy--tp27748496p27756000.html Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|