Classification:  UNCLASSIFIED 
Caveats: NONE

Related? http://rt.openssl.org/Ticket/Display.html?id=1278&user=guest&pass=guest

---
Dwight Victor (Contractor), CISSP, RHCT, SCSECA
DISA-PAC EMSS Gateway Hawaii
EMAIL: dwight.victor....@disa.mil
TEL:   (808) 653-3677 ext 229 

-----Original Message-----
From: ja...@nixsecurity.org [mailto:ja...@nixsecurity.org] 
Sent: Thursday, November 11, 2010 9:01 AM
To: users@httpd.apache.org
Subject: [us...@httpd] SSLFIPS Directive

Apache 2.2.17
OpenSSL 0.9.8n FIPS
PHP 5.3.2
libssh2 1.2.6

So, I have a web application where the front-end is Flex/AS3 and the back-end 
is a mix of PHP/C. PHP is compiled with the libssh2 library and the pecl 
extension to enable the ssh2 functionality. I use the ssh2 functions within PHP 
for communication between systems. For instance, the interface allows you to 
add another product of ours for communication with our primary product. 
Communication works via SSH; I'm not going to get into the details of that. 
Anyway, when I introduce the SSLFIPS directive into my httpd.conf, 
Apache child processes crash. This happens even if the directive's value 
is set to off. However, if I don't introduce the directive, everything works as 
expected.

We are required by government customers to offer FIPS.

[Thu Nov 11 13:50:43 2010] [notice] Operating in SSL FIPS mode
[Thu Nov 11 13:50:43 2010] [error] Init: Skipping generating temporary 512 bit RSA private key in FIPS mode
[Thu Nov 11 13:50:43 2010] [error] Init: Skipping generating temporary 512 bit DH parameters in FIPS mode
[Thu Nov 11 13:50:43 2010] [notice] Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8o-fips configured -- resuming normal operations
digest.c(151): OpenSSL internal error, assertion failed: Digest update previous FIPS forbidden algorithm error ignored
digest.c(151): OpenSSL internal error, assertion failed: Digest update previous FIPS forbidden algorithm error ignored
[Thu Nov 11 13:50:58 2010] [notice] child pid 24913 exit signal Aborted (6)
[Thu Nov 11 13:50:58 2010] [notice] child pid 24915 exit signal Aborted (6)

Any thoughts?

