httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Trent <>
Subject Re: [users@httpd] FIPS 140_2 compliant for mod_proxy?
Date Wed, 03 Mar 2010 14:34:51 GMT

Unfortunatley restricting the algorithms to FIPS compliant algorithms in the
apache configs is not good enough to claim FIPS 140-2 compliance. The
openSSL library 'must' be running in FIPS mode. It is a requirement of FIPS
140-2 that the module doing the cryptographic functions is a FIPS
'validated' module. When in FIPS mode SSL will automatically restrict the
algorithms.  Perhaps I need to post this on the openSSL forum instead.

Thanks again.

Krist van Besien wrote:
> Of course it could be that when operating as a client Apache assumes
> that it is the server it communicates with that will enforce FIPS
> compliance. However, you can probably make it compliant by restricting
> the cyphers it will use as a client. That is why I suggested you look
> in to the possibilitiess the SSLProxy* directives offer. If you
> consult the mod_ssl documentation you will see that there is a
> directive  SSLProxyCipherSuite, that you can use to limit the ciphers
> offered in the HELLO packet.
> Krist
> -- 
> Bremgarten b. Bern, Switzerland
> --

View this message in context:
Sent from the Apache HTTP Server - Users mailing list archive at

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message