Posted to dev@httpd.apache.org by Jason Jones <ja...@ciscoinc.com> on 2007/03/05 04:18:44 UTC

OpenSSL FIPS status

Can I ask what the status is on utilizing OpenSSL's FIPS mode with
mod_ssl?

Thanks,

Jason Jones 




Re: mod_aspdotnet status? (was RE: OpenSSL FIPS status)

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
James Park (pencil_ethics) wrote:
> mod_aspdotnet lives! Does this mean I should update my (presently rather
> dated) patch that provides .NET 2.0 support against the new code?
> As an aside, I managed to rid the code of that ugly _gcA_gcA_gcString.cs
> file :)

OT :)  Yes, would entirely greet anyone interested in hacking mod_aspdotnet2
over at sourceforge, join the dev list, of course :)

Re: mod_aspdotnet status? (was RE: OpenSSL FIPS status)

Posted by "James Park (pencil_ethics)" <pe...@gmail.com>.
William A. Rowe, Jr. wrote:
> Trent Nelson wrote:
>> William A. Rowe, Jr. [mailto:wrowe@rowe-clan.net]:
>>> And I had also just finished the non-ASF release of current
>>> mod_aspdotnet code, removing the final nail from that coffin.
>> Hmmmm, has this been publicized anywhere?  Can you point me to its new
>> non-ASF home?
> 
> Was crossposted to the users@httpd list.
> 
> http://mail-archives.apache.org/mod_mbox/httpd-users/200703.mbox/ajax/%3c45E7CF7C.5080708@rowe-clan.net%3e
> 
mod_aspdotnet lives! Does this mean I should update my (presently rather
dated) patch that provides .NET 2.0 support against the new code?
As an aside, I managed to rid the code of that ugly _gcA_gcA_gcString.cs
file :)

Re: mod_aspdotnet status? (was RE: OpenSSL FIPS status)

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
Trent Nelson wrote:
> William A. Rowe, Jr. [mailto:wrowe@rowe-clan.net]:
>> And I had also just finished the non-ASF release of current
>> mod_aspdotnet code, removing the final nail from that coffin.
> 
> Hmmmm, has this been publicized anywhere?  Can you point me to its new
> non-ASF home?

Was crossposted to the users@httpd list.

http://mail-archives.apache.org/mod_mbox/httpd-users/200703.mbox/ajax/%3c45E7CF7C.5080708@rowe-clan.net%3e

mod_aspdotnet status? (was RE: OpenSSL FIPS status)

Posted by Trent Nelson <tn...@onresolve.com>.
William A. Rowe, Jr. [mailto:wrowe@rowe-clan.net]:
> And I had also just finished the non-ASF release of current mod_aspdotnet
> code, removing the final nail from that coffin.

Hmmmm, has this been publicized anywhere?  Can you point me to its new
non-ASF home?

Re: OpenSSL FIPS status

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
Jason Jones wrote:
> Can I ask what the status is on utilizing OpenSSL's FIPS mode with
> mod_ssl?

No news from me yet - I've just finished helping migrate mod_ftp out
of incubation into httpd project, and have one more critical patch to
bring it into the 21.1'nd century (EPSV/EPRT implementations).  And
I had also just finished the non-ASF release of current mod_aspdotnet
code, removing the final nail from that coffin.

Ben and I started this, Ben committed the original code around the
planned design of openssl/fips 1.0.0.  From the actual 1.0.0 release
through today, that design evolved.  In the meantime, I have a whole
lot of private hackery in my trees based on commercial FIPS support,
which I'll re-port and bring out during March.  Then the list is likely
to debate the wisdom of supporting MD5 (a dis-approved hash) throughout
the code.  Perhaps even revisit where SHA1's eventual demise (2009?)
should be preemptively replaced by SHA2 strength hashes.

It took several years for openssl to get where it is, I hope it isn't
years for us to rigorously follow the Security Policy, but it's not an
overnight sort of thing.

Bill