On Mon, Aug 11, 2014, Abdul Anshad wrote: > Hello All, > > I have a set up which runs Apache http-2.4.10 and Openssl-1.0.1i, > when I try to start the http server with FIPS mode i get the > following error. > > [Mon Aug 11 14:39:24.407781 2014] [suexec:notice] [pid 380] AH01232: > suEXEC mechanism enabled (wrapper: /apps/apache/2.4.10/bin/suexec) > [Mon Aug 11 14:39:24.428616 2014] [ssl:emerg] [pid 380] AH01885: > FIPS mode failed > [Mon Aug 11 14:39:24.428656 2014] [ssl:emerg] [pid 380] SSL Library > Error: error:2D06D075:FIPS routines:fips_pkey_signature_test:test > failure (Type=RSA SHA1 X931) > [Mon Aug 11 14:39:24.428663 2014] [ssl:emerg] [pid 380] AH02312: > Fatal error initialising mod_ssl, exiting. > AH00016: Configuration Failed > > Could somebody help me out with this issue ? Thanks in advance. >
Which version of the validated module are you using? That's a POST failure. The usual cause of that is a compiler bug. In the FIPS capable OpenSSL directory (i.e. 1.0.1i in your case) try this: OPENSSL_FIPS=1 util/shlib_wrap.sh apps/openssl md5 /dev/null OPENSSL_FIPS=1 util/shlib_wrap.sh apps/openssl sha1 /dev/null Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org