httpd-users mailing list archives

From Krist van Besien <krist.vanbes...@gmail.com>
Subject Re: [users@httpd] FIPS 140_2 compliant for mod_proxy?
Date Wed, 03 Mar 2010 14:21:48 GMT
On Wed, Mar 3, 2010 at 3:12 PM, Mike Trent <Michael.Trent@xerox.com> wrote:

> The issue is FIPS 140-2 compliance. As a server, apache runs SSL in FIPS
> 140-2 compliance, but does not run SSL in FIPS 140-2 compliance as a client.
> As stated in the early post the FIPS 140-2 patch was applied but does not
> seem to have an effect on apache when acting as a client as a proxy.
>
> This is a FIPS 140-2 compliance issue not an SSL issue. The SSL
> communication is fine.

Of course it could be that when operating as a client Apache assumes
that it is the server it communicates with that will enforce FIPS
compliance. However, you can probably make it compliant by restricting
the cyphers it will use as a client. That is why I suggested you look
into the possibilities the SSLProxy* directives offer. If you
consult the mod_ssl documentation you will see that there is a
directive SSLProxyCipherSuite, that you can use to limit the ciphers
offered in the HELLO packet.


Krist

-- 
krist.vanbesien@gmail.com
krist@vanbesien.org
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
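
As an added illustration of the suggestion in the message above (not part of the original thread, and not the Apache project's own configuration): a mod_proxy fragment that limits the protocols and cipher suites httpd offers when it connects to a backend as a TLS client. The backend host name, the path and the specific cipher list are assumptions to be replaced with values from local policy.

```apache
# Added example, not from the original thread. The host name, path and
# cipher list below are placeholders / assumptions.

# Outbound (client-side) TLS used by mod_proxy is configured with the
# SSLProxy* directives. The inbound SSLProtocol / SSLCipherSuite settings
# only govern connections where httpd is the server.
SSLProxyEngine on

# Offer only TLS to the backend; SSLv2 and SSLv3 are not offered.
SSLProxyProtocol all -SSLv2 -SSLv3

# Explicit allow-list of suites placed in the ClientHello (AES or 3DES,
# RSA key exchange, SHA-1 MAC). Naming suites one by one avoids depending
# on how an alias such as DEFAULT or HIGH expands in a given OpenSSL build.
SSLProxyCipherSuite AES256-SHA:AES128-SHA:DES-CBC3-SHA

# Requests under /app/ are forwarded over TLS using the settings above.
ProxyPass        /app/ https://backend.example.internal/app/
ProxyPassReverse /app/ https://backend.example.internal/app/
```

Running `openssl ciphers -v 'AES256-SHA:AES128-SHA:DES-CBC3-SHA'` shows which suites the string expands to on the local OpenSSL build. Restricting the offered suites controls what can be negotiated; whether the underlying OpenSSL module itself runs in FIPS mode depends on the build and on the FIPS patch discussed in the thread.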

