Re: FIPS 140_2 compliant for mod_proxy?

On Wed, Mar 3, 2010 at 3:12 PM, Mike Trent <Michael.Trent@xxxxxxxxx> wrote:

> The issue is FIPS 140-2 compliance. As a server, apache runs SSL in FIPS
> 140-2 compliance, but does not run SSL in FIPS 140-2 compliance as a client.
> As stated in the earlier post the FIPS 140-2 patch was applied but does not
> seem to have an effect on apache when acting as a client as a proxy.
>
> This is a FIPS 140-2 compliance issue not an SSL issue. The SSL
> communication is fine.

Of course it could be that when operating as a client Apache assumes
that it is the server it communicates with that will enforce FIPS
compliance. However, you can probably make it compliant by restricting
the cyphers it will use as a client. That is why I suggested you look
into the possibilities the SSLProxy* directives offer. If you
consult the mod_ssl documentation you will see that there is a
directive, SSLProxyCipherSuite, that you can use to limit the ciphers
offered in the HELLO packet.


Krist

-- 
krist.vanbesien@xxxxxxxxx
krist@xxxxxxxxxxxxx
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
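
The suggestion in the reply above, written out as a configuration fragment. This is an added example, not configuration posted in the thread or taken from the Apache project; the host names, file paths and the cipher list itself are assumptions. It only narrows what httpd offers when it connects to the backend as a TLS client; whether the crypto module runs in FIPS mode is a separate question that this fragment does not address.

```apache
# Constructed example: reverse proxy to an HTTPS backend with a restricted
# client-side cipher list. Host names and file paths are placeholders.
<VirtualHost *:443>
    ServerName proxy.example.com

    # Server side: TLS towards the browsers (the part reported as working).
    SSLEngine on
    SSLCertificateFile    /path/to/proxy.crt
    SSLCertificateKeyFile /path/to/proxy.key

    # Client side: httpd acts as the TLS client towards the backend.
    SSLProxyEngine on

    # Broad setting, shown for contrast and left disabled: expands to nearly
    # every suite the local OpenSSL build provides, which can include RC4,
    # MD5-based or export-grade suites where the build still has them.
    # SSLProxyCipherSuite ALL:!ADH

    # Restricted setting: only AES suites with RSA or DHE key exchange are
    # offered to the backend. Illustrative list (assumption); the real list
    # should come from the security policy of the validated module in use.
    SSLProxyCipherSuite AES256-SHA:AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA

    # Authenticate the backend, so the restricted handshake is made with
    # the intended server and not with whoever answers on that address.
    SSLProxyVerify require
    SSLProxyCACertificateFile /path/to/backend-ca.crt

    ProxyPass        / https://backend.example.com/
    ProxyPassReverse / https://backend.example.com/
</VirtualHost>
```

Running `openssl ciphers -v` with the same cipher string prints the suites it expands to with the local OpenSSL build, which is a quick way to confirm the list before reloading httpd.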

