Posted to users@tomcat.apache.org by Christopher Schultz <ch...@christopherschultz.net> on 2012/02/13 22:33:47 UTC

Re: [OT] migrating Tomcat 5.5 SSL Connector to 7.0

Mark,

On 1/6/12 7:05 PM, Mark Lim wrote:
> We are in the process of upgrading Tomcat 5.5 to Tomcat 7.0.
> These Tomcat deployments use a custom FIPS 140-2 certified JSSE 
> implementation for their SSL Connectors.

In case you are interested, Tomcats 7.0.23 and 6.0.36 (along with
tcnative 1.1.23) are capable of going into FIPS-mode with an
appropriately-built OpenSSL. If such things interest you, please let
me know and we can help you get set up.

-chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: [OT] migrating Tomcat 5.5 SSL Connector to 7.0

Posted by Christopher Schultz <ch...@christopherschultz.net>.

Mark,

On 2/13/12 4:45 PM, Mark Lim wrote:
> Thanks for offering, but we're already in certification.  When 
> recertification comes up we'll certainly consider consolidating
> security modules.

Okay. Well, if you're willing to put our code into testing, it would
give us some good data points. We essentially applied a
heavily-modified set of patches from a contributor who was using an
old version and kind of hacked it together.

I cleaned it up and committed it to Tomcat and tcnative, but I don't
have a good environment in which to test it: all I can verify is that
OpenSSL appears to have gone into FIPS mode and didn't complain. If
you have a battery of tests you could run against it, it would be very
helpful just to validate the work done thus far.

Alternatively, if you have some kind of test suite that could be used,
I wouldn't mind performing the actual testing myself.

Thanks,
-chris


Re: [OT] migrating Tomcat 5.5 SSL Connector to 7.0

Posted by Mark Lim <ma...@symantec.com>.
Thanks for offering, but we're already in certification.  When
recertification comes up we'll certainly consider consolidating security
modules.

On 2/13/12 1:33 PM, "Christopher Schultz" <ch...@christopherschultz.net>
wrote:

>Mark,
>
>On 1/6/12 7:05 PM, Mark Lim wrote:
>> We are in the process of upgrading Tomcat 5.5 to Tomcat 7.0.
>> These Tomcat deployments use a custom FIPS 140-2 certified JSSE
>> implementation for their SSL Connectors.
>
>In case you are interested, Tomcats 7.0.23 and 6.0.36 (along with
>tcnative 1.1.23) are capable of going into FIPS-mode with an
>appropriately-built OpenSSL. If such things interest you, please let
>me know and we can help you get set up.
>
>-chris