7:21 AM Jerry Blasdel wrote:
> I have several servers configured the same, running Apache
> 2.4X/OpenSSL1.02 fips-enabled.
>
> On one server we periodically get the following errors in the Apache logs:
>
> SSL Library Error: error:xx:FIPS_drbg_generate:selftest failed. In
I have several servers configured the same, running Apache 2.4X/OpenSSL1.02
fips-enabled.
On one server we periodically get the following errors in the Apache logs:
SSL Library Error: error:xx:FIPS_drbg_generate:selftest failed. In
some cases, the server continues to service requests, but in
My problem was that my server certificate was not SHA-256 capable. As
soon as I generated a new server certificate based on an openssl that
supported SHA-256, I was able to communicate with the server.
From: Jerry Blasdel/USA/CSC@CSC
To: openssl-users@openssl.org
Date: 04/03/2014
We have built the following:
httpd-2.4.6
openssl-1.0.1.e
openssl-fips-2.05
for both Windows and Solaris so we can leverage SHA256.
For both environments I have Apache configured with the following:
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
On Windows, this works. I can use a Browser to hit the ser
delivery. NOTE: Regardless of content, this e-mail shall not operate to
bind CSC to any order or other contract unless pursuant to explicit
written agreement or government initiative expressly permitting the use of
e-mail for such purpose.
From: Jerry Blasdel/USA/CSC
To: Steve Marquess
Cc
nt or government initiative expressly permitting the use of
e-mail for such purpose.
From: Steve Marquess
To: openssl-users@openssl.org
Cc: Jerry Blasdel/USA/CSC@CSC
Date: 12/18/2012 09:21 AM
Subject:Re: FIPS enable Apache 2.4.3 with OpenSSL 1.0.1c-fips
On 12/18/2012 08:
IVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery.
NOTE: Regardless of content, this e-mail shall not operate to bind CSC to
any order or other contract unless pursuant to explicit written agreement
government initiative expressly permitting the use of e-mail for such
purpose.
From: Steve Marquess
To: Jerry Blasdel/USA/CSC@CSC
Cc: openssl-users@openssl.org
Date: 12/17/2012 03:20 PM
Subject:Re: FIPS enable Apache 2.4.3 with OpenSSL 1.0.1c-fips
Sent by:owner
s
To: openssl-users@openssl.org
Cc: Jerry Blasdel/USA/CSC@CSC
Date: 12/17/2012 02:59 PM
Subject:Re: FIPS enable Apache 2.4.3 with OpenSSL 1.0.1c-fips
On 12/17/2012 12:32 PM, Jerry Blasdel wrote:
> All,
>
> We are trying to get a FIPS enabled Apache 2.4.3 built with
All,
We are trying to get a FIPS enabled Apache 2.4.3 built with OpenSSL 1.01.
Everything appeared to build correctly but when we try to start Apache
with SSLFIPS on directive we get the following error:
[Mon Dec 17 17:22:15.355149 2012] [mpm_worker:notice] [pid 10612:tid 1]
AH00292: Apache/2
10 matches
Mail list logo