You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2006/06/23 22:25:10 UTC
DO NOT REPLY [Bug 39894] New: - merge FIPS branch
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39894>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39894
Summary: merge FIPS branch
Product: Apache httpd-2
Version: 2.2-HEAD
Platform: All
URL: http://oss-institute.org/fips-faq.html
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: mod_ssl
AssignedTo: bugs@httpd.apache.org
ReportedBy: asf@divinehawk.com
I request that the fips-dev branch be further developed and merged.
OpenSSL is now FIPS-certified. It would be nice to have the option to build it
to be FIPS-compliant.
The IBM httpd server includes FIPS compliant mode, it would be nice if Apache
did the same.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 39894] - merge FIPS branch
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39894>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39894
------- Additional Comments From wrowe@apache.org 2006-06-25 22:09 -------
And just to add further clarification, the effort includes replacing all FIPS
related algorithms in apr-util with stubs to the FIPS-validated crypto module,
e.g. OpenSSL's implementation of SHA-1 etc, and disabling FIPS disallowed
algorithms such as MD4 and MD5 when running in FIPS mode.
Parts of the HTTP/1.1 protocol itself will be problematic without MD5 support,
which is why the reporter shouldn't expect an 'instant answer'. Well, that
and the lag between OpenSSL FIPS-1.0 - which they have withdrawn their validation
of, and the forthcoming FIPS-1.1 to better isolate the boundry of FIPS-validated
functionality.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 39894] - merge FIPS branch
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39894>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39894
wrowe@apache.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
------- Additional Comments From wrowe@apache.org 2006-06-24 18:51 -------
Sorry, bugs is -not- an appropriate forum for a request as abstract as this.
If you have anything to contribute to the effort Matt, dev@httpd.apache.org is
the development list where such topics are discussed.
As apr itself introduces many FIPS issues, and if IBM HTTP Server is using
'stock' APR, it already propogates these issues, and you would be comparing
oranges to apples.
There is a layered effort starting at dev@apr.apache.org to resolve FIPS
conformance issues. Please don't use bugzilla to track an issue this complex.
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
DO NOT REPLY [Bug 39894] - merge FIPS branch
Posted by bu...@apache.org.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=39894>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=39894
------- Additional Comments From trawick@apache.org 2006-06-25 12:50 -------
>As apr itself introduces many FIPS issues, and
>if IBM HTTP Server is using 'stock' APR,
just FYI... what IBM HTTP Server provides w.r.t. FIPS is a setting in its SSL
module which uses informs the IBM security library to activate only
FIPS-approved ciphers/protocols. using its certified cipher implementation...
the FIPS capability doesn't extend any further...
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org