Re: FIPS 140_2 compliant for mod_proxy?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Thanks for the response.

Yes, we are running apache acting as an SSL client. And yes I am saying that
apache is running as a proxy that forwards towards an HTTPS server.

It does communicate in SSL so there is no issue with the SSL directives in
the config. But for your interest here are the pertinent lines we have in
the proxy.conf file:

        SSLProxyEngine on
        SSLProxyProtocol all

The issue is FIPS 140-2 compliance. As a server, apache runs SSL in FIPS
140-2 compliance, but does not run SSL in FIPS 140-2 compliance as a client.
As stated in the early post the FIPS 140-2 patch was applied but does not
seem to have an affect on apache when acting as a client as a proxy.

This is a FIPS 140-2 compliance issue not an SSL issue. The SSL
communication is fine.

Thank you.





Krist van Besien wrote:
> 
> I would love to help you, but I need more information from you in
> order to do so. I have trouble finding out what it is exactly that you
> are trying to achieve, and in what way, because the context fail.
> Precise language us usefull. I have trouble trying to imagine what you
> mean with "running in proxy mode" and "via mod_proxy". That is where
> the exact language of a config file helps.
> So please, just post us the SSL part of your config, and we may be
> able to point out to you what you need to modify.
> 
>> SSL - as a client via mod_proxy - not FIPS compliant
> 
> Are you saying that apache is here acting as an SSL client in an non -
> FIPS compliant way? ie. apache is here used by you as a proxy that
> forwards towards an https server? In that case have a look at the
> SSLProxy* directives.
> 
> Krist
> 
> 

-- 
View this message in context: http://old.nabble.com/FIPS-140_2-compliant-for-mod_proxy--tp27748496p27768701.html
Sent from the Apache HTTP Server - Users mailing list archive at Nabble.com.


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux