Hi All, I installed openssl 1.0.1c with FIPS and it works fine.
export OPENSSL_FIPS=1 [root@PC ~]# openssl SHA1 incore SHA1(incore)= b5acba7f6333aafdfe9804d2aebe373c39024bc3 [root@PC ~]# openssl md5 incore Error setting digest md5 139723413960360:error:060A80A3:digital envelope routines:FIPS_DIGESTINIT:disabled for fips:fips_md.c:180: Also, ciphers option shows fewer ciphers. I compiled HTTPD 2.2.24 against this openssl. But HTTPD is not coming up with SSLFIPS on throwing following errors. [Mon Apr 01 19:07:46 2013] [emerg] FIPS mode failed [Mon Apr 01 19:07:46 2013] [emerg] SSL Library Error: 755413103 error:2D06B06F:FIPS routines:FIPS_check_incore_fingerprint:fingerprint does not match Here is the detail of build procedure i followed for httpd. 1)Set Env Variables export INCLUDES="-I/software/common/mod_ssl/mod_ssl-2.8.30-1.3.39/pkg.sslmod" LIBS=-ldl export CPPFLAGS="-I/software/common/openssl/openssl-1.0.1c/include/openssl" export LD_LIBRARY_PATH="/software/common/openssl/openssl-1.0.1c/" 2) ./configure --with-ssl=/software/common/openssl/openssl-1.0.1c --enable-so --enable-ssl --enable-shared=ssl 3) make Which resulted in libmod_ssl.a lib and httpd binary. Symbols in lib and binary are, [root@PC .libs]# nm -n -f 'sysv' libmod_ssl.a | grep FIPS ssl_cmd_SSLFIPS | | U | NOTYPE| | |*UND* ssl_cmd_SSLFIPS |0000000000001130| T | FUNC|000000000000006d| |.text FIPS_mode | | U | NOTYPE| | |*UND* FIPS_mode_set | | U | NOTYPE| | |*UND* [root@PC httpd-2.2.24]# nm -n -f 'sysv' httpd | grep FIPS|grep .rodata FIPS_rodata_start |000000000062ecc0| R | OBJECT|0000000000000010| |.rodata FIPS_hmac_key |000000000062ecd0| r | OBJECT|0000000000000011| |.rodata FIPS_bn_version |000000000062eda0| R | OBJECT|0000000000000036| |.rodata FIPS_rodata_end |000000000063a040| R | OBJECT|0000000000000010| |.rodata Can someone help me with this? Thanks, Cipher -- View this message in context: http://openssl.6102.n7.nabble.com/Apache-2-2-24-doesnt-come-up-with-FIPS-capable-openssl-1-0-1c-tp44630.html Sent from the OpenSSL - Dev mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org