You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Petr Hracek <ph...@gmail.com> on 2011/05/23 15:25:24 UTC

[users@httpd] How to check whether apache support FIPS 140-2

Dear users,

I have turn on SSLFIPS on in my apache2 but it returns me following:
Invalid command 'SSLFIPS', perhaps misspelled or defined by a module
not included in the server configuration

Do you know how to check whether apache2 or openssl is build-up with
support of FIPS 140-2.

Thank you in advance

-- 
Best Regards / S pozdravem
Petr Hracek

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

RE: RE: [users@httpd] How to check whether apache support FIPS 140-2

Posted by Geoff Millikan <gm...@t1shopper.com>.

> I thought that FIPS is within mod_ssl, right?

Doubt it:
http://en.wikipedia.org/wiki/OpenSSL#FIPS_140-2_compliance

 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: RE: [users@httpd] How to check whether apache support FIPS 140-2

Posted by Petr Hracek <ph...@gmail.com>.

I thought that FIPS is within mod_ssl, right? Is it necessary to rebuild
apache2 or is it enought to rebuild openssl with FIPS support?

It means that flag SSLFIPS is directly part of apache2 as source code?

Best regards
Petr
Dne 23.5.2011 21:07 "Geoff Millikan" <gm...@t1shopper.com> napsal(a):
> Maybe this?
>
> "If httpd was compiled against an SSL library which did not support the
FIPS_mode flag, SSLFIPS on will fail."
>
> http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslfips
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>

RE: [users@httpd] How to check whether apache support FIPS 140-2

Posted by Geoff Millikan <gm...@t1shopper.com>.

Maybe this?

"If httpd was compiled against an SSL library which did not support the FIPS_mode flag, SSLFIPS on will fail."

http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslfips



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org