Question about OpenSSL and FIPS 140-2 module

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

I've been tasked to look into FIPS 140-2 "compliance" for our systems, overall, and I know that there's a "FIPS 140-2 module" for OpenSSL, that needs to be built from source and then integrated into OpenSSL by building OpenSSL with the FIPS module.

The User guide goes into how to integrate the resulting OpenSSL(+FIPS module) with applications, and also has an example of doing that.  

What I was wondering is:  Does that mean that EVERY application that we want to have use the OpenSSL(+FIPS module) would have be (slightly) modified and then rebuilt from source?

What about something like Apache?  Would we have to modify the Apache source and rebuild that together with the OpenSSL(+FIPS module)?

Finally, what about COTS products, e.g., WebLogic, for which we cannot obtain the source?  

Thanks,
Jim


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux