Posted to users@httpd.apache.org by ja...@nixsecurity.org on 2010/08/09 17:19:24 UTC

[users@httpd] SSLFIPS Directive

Hello,

After upgrading to Apache 2.2.16, I noticed messages in the error_log indicating that the server was not operating in FIPS mode. After researching this (since it wasn't publicly available in the release notes for 2.2.16), I discovered the SSLFIPS directive. I'm curious whether FIPS mode was even enabled in versions prior to 2.2.16; from testing, it appeared the server supported the FIPS ciphers in previous versions.

Aside from that, I'm encountering an issue with PHP (5.3.2, same issue with 5.3.3), libssh2 (1.2.6), and Apache (2.2.16). This issue is only evident when FIPS is enabled. I have a web application that communicates with a remote host over SSH; however, when attempting to test the connection via the GUI, the Apache child process exits with signal Aborted.

digest.c(151): OpenSSL internal error, assertion failed: Digest update previous FIPS forbidden algorithm error ignored

I understand that that means something is using a forbidden algorithm; in this case, I have to believe that it's PHP/libssh2.

Anyway, hoping someone has some insight on this. As far as it being a bug in Apache, I'm not 100% sure if that's the case.

James


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org