[openssl-users] Apache (2.x) server and OpenSSL FIPS modules

Wall, Stephen swall at redcom.com
Thu Jan 21 13:26:05 UTC 2016

See http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslfips for using the OpenSSL fipscontainer with apache.

From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of security veteran
Sent: Monday, January 18, 2016 9:21 PM
To: openssl-users at openssl.org
Subject: [openssl-users] Apache (2.x) server and OpenSSL FIPS modules


We will be using OpenSSL FIPS modules on our Linux server and was wondering if we need to do any work on the Apache server in order to make it working seamlessly with OpenSSL when the FIPS mode is enabled.

My questions are:

1) How to make Apache server enable the FIPS mode on OpenSSL? My understanding is, for each application which need use OpenSSL FIPS mode, the application need to invoke the FIPS_mode_set () API. In that case how do we make Apache to invoke this API? Is that a configuration changes or does it require to rebuild Apache server?

2) If Apache is enabled with FIPS module, does it mean all the Apache processes (when invoking crypto functions from OpenSSL) will be operating with the OpenSSL FIPS mode?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160121/e339f736/attachment.html>

More information about the openssl-users mailing list