On 3/3/2010 8:34 AM, Mike Trent wrote:
>
> Unfortunately restricting the algorithms to FIPS compliant algorithms in the
> apache configs is not good enough to claim FIPS 140-2 compliance. The
> OpenSSL library 'must' be running in FIPS mode. It is a requirement of FIPS
> 140-2 that the module doing the cryptographic functions is a FIPS
> 'validated' module. When in FIPS mode SSL will automatically restrict the
> algorithms. Perhaps I need to post this on the OpenSSL forum instead.

It does more than that. It invokes validated implementations of those
specific algorithms, not the optimized but not FIPS approved implementations
that are used by OpenSSL by default.

Bring it to the attention of dev@, or more specifically, raise an issue
on the httpd bugzilla against 2.2.