[openssl-users] Apache (2.x) server and OpenSSL FIPS modules

security veteran security.veteran at gmail.com
Tue Jan 19 02:21:18 UTC 2016


We will be using OpenSSL FIPS modules on our Linux server and was wondering
if we need to do any work on the Apache server in order to make it working
seamlessly with OpenSSL when the FIPS mode is enabled.

My questions are:

1) How to make Apache server enable the FIPS mode on OpenSSL? My
understanding is, for each application which need use OpenSSL FIPS mode,
the application need to invoke the FIPS_mode_set () API. In that case how
do we make Apache to invoke this API? Is that a configuration changes or
does it require to rebuild Apache server?

2) If Apache is enabled with FIPS module, does it mean all the Apache
processes (when invoking crypto functions from OpenSSL) will be operating
with the OpenSSL FIPS mode?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160118/ae156772/attachment.html>

More information about the openssl-users mailing list