https://issues.apache.org/bugzilla/show_bug.cgi?id=46270
Summary: Add FIPS 140-2 mode for mod_ssl for FIPS 1.2 module.
Product: Apache httpd-2
Version: 2.3-HEAD
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component: mod_ssl
AssignedTo: [email protected]
ReportedBy: [EMAIL PROTECTED]
Created an attachment (id=22917)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=22917)
Add SSLFIPS option.
This patch adds FIPS 140-2 support for mod_ssl when used with the newly
validated 1.2 OpenSSL FIPS module.
A single boolean option SSLFIPS is added. When set FIPS 140-2 mode is enabled.
Note that this option by itself does not guarantee FIPS 140-2 compliance, the
security policy must also be adhered to.
This option is only available if Apache is compiled against an appropriate
version of OpenSSL which has been linked to the validated module. Currently
only OpenSSL 0.9.8-stable snapshots include the necessary functionality.
OpenSSL 0.9.8j will be the first official release.
Typically compiling against appropriate headers and linking to an FIPS capable
shared library will be required.
This option disables generation of temporary keys smaller than 1024 bits
because keys smaller than 1024 bits are prohibited in FIPS mode.
If compiled against a non-FIPS capable OpenSSL or when the SSLFIPS option is
not set it will have no effect.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
