The official version of OpenSSL works fine when compiled against the
upstream FIPS module.
Yes, It's distribution specific and reverting the file fixed the issue.
Thanks for your time.
Regards,
Abdul
On 13-Aug-14 7:02 PM, Dr. Stephen Henson wrote:
On Wed, Aug 13, 2014, Abdul Anshad wrote:
On Wed, Aug 13, 2014, Abdul Anshad wrote:
> I use the src rpm downloaded from
> http://koji.fedoraproject.org/koji/buildinfo?buildID=551423 .
>
> Inquired about this issue with one of the package maintainers from
> koji.fedoraproject.org and following was his comment.
>
> "Apparently the Known a
Aug 11 14:39:24.428656 2014] [ssl:emerg] [pid 380] SSL Library
Error: error:2D06D075:FIPS routines:fips_pkey_signature_test:test
failure (Type=RSA SHA1 X931)
[Mon Aug 11 14:39:24.428663 2014] [ssl:emerg] [pid 380] AH02312:
Fatal error initialising mod_ssl, exiting.
AH00016: Configuration Fai
80] AH01232:
> suEXEC mechanism enabled (wrapper: /apps/apache/2.4.10/bin/suexec)
> [Mon Aug 11 14:39:24.428616 2014] [ssl:emerg] [pid 380] AH01885:
> FIPS mode failed
> [Mon Aug 11 14:39:24.428656 2014] [ssl:emerg] [pid 380] SSL Library
> Error: error:2D06D075:FIPS routines:fips_pkey_sig
On Tue, Aug 12, 2014, Thulasi Goriparthi wrote:
> $ openssl genrsa 2048 > key.pem
> $ openssl req -new -x509 -key key.pem -out cert.pem -sha256
>
You also need to set the environment variable OPENSSL_FIPS=1 so the operations
are performed in FIPS mode.
Steve.
--
Dr Stephen N. Henson. OpenSSL pr
t;> [Mon Aug 11 14:39:24.407781 2014] [suexec:notice] [pid 380] AH01232:
>>> suEXEC
>>> mechanism enabled (wrapper: /apps/apache/2.4.10/bin/suexec)
>>> [Mon Aug 11 14:39:24.428616 2014] [ssl:emerg] [pid 380] AH01885: FIPS
>>> mode
>>> failed
>>> [M
apache/2.4.10/bin/suexec)
[Mon Aug 11 14:39:24.428616 2014] [ssl:emerg] [pid 380] AH01885: FIPS mode
failed
[Mon Aug 11 14:39:24.428656 2014] [ssl:emerg] [pid 380] SSL Library Error:
error:2D06D075:FIPS routines:fips_pkey_signature_test:test failure (Type=RSA
SHA1 X931)
[Mon Aug 11 14:39:2
On Tue, Aug 12, 2014 at 11:24:40AM +0530, Thulasi Goriparthi wrote:
> $ openssl genrsa 2048 > key.pem
Don't forget "umask 077" before that. Otherwise, the key file is often
world-readable. With AFS, "fs setacl . ..." to restrict access to the
containing directory.
--
Viktor.
_
; to start the http server with FIPS mode i get the following error.
>>>
>>> [Mon Aug 11 14:39:24.407781 2014] [suexec:notice] [pid 380] AH01232:
>>> suEXEC
>>> mechanism enabled (wrapper: /apps/apache/2.4.10/bin/suexec)
>>> [Mon Au
)
[Mon Aug 11 14:39:24.428616 2014] [ssl:emerg] [pid 380] AH01885: FIPS
mode failed
[Mon Aug 11 14:39:24.428656 2014] [ssl:emerg] [pid 380] SSL Library
Error: error:2D06D075:FIPS routines:fips_pkey_signature_test:test
failure (Type=RSA SHA1 X931)
[Mon Aug 11 14:39:24.428663 2014] [ssl:emerg] [pid
the second server I`m getting
the following error message:
[client 132.176.162.117] SSL library error 1 in handshake [Wed Aug 27 09:32:12
2008] [info] SSL Library Error:
336130329 error:1408F119:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac [Wed Aug 27
09:32:12 2008
Hello,
> The system is 11.11. I'm *pretty* sure everything has been compiled
> with gcc. I'm compiling apache with gcc, but OpenLDAP and Openssl might
> have been compiled with something different. The apache install that
> works was definitely also compiled with gcc and uses the same install of
penSSL and OpenLDAP. There is no lsof on this system, but I might be
able to track down a copy.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola
Sent: Wednesday, September 12, 2007 11:43 AM
To: openssl-users@openssl.org
Subject: RE: SSL Lib
Hello,
I've missed that this is on hpux11.
Very important is what version you have: hpux1100, hpux,
hpux1123ia, hpux1123pa, hpux1131ia or hpux1131pa ?
> I added --with-ssl=/usr/local to the the configure options and
> recompiled. Although mod_ldap is still unhappy, that corrects the
> unresol
f Marek Marcola
Sent: Wednesday, September 12, 2007 9:41 AM
To: openssl-users@openssl.org
Subject: RE: SSL Library Error
Hello,
> Well, I recompiled AGAIN with no mention of the 0.9.8 library in any
of
> my environment variables. The resulting httpd binary showed no links
to
> the 0.9.8 li
Hello,
> Well, I recompiled AGAIN with no mention of the 0.9.8 library in any of
> my environment variables. The resulting httpd binary showed no links to
> the 0.9.8 libraries, just 0.9.7 (the system OS libraries). THIS one
> won't even start. I get an error of:
>
> /usr/lib/dld.sl: Unresolved
ssage-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Victor Duchovni
Sent: Tuesday, September 11, 2007 4:12 PM
To: openssl-users@openssl.org
Subject: Re: SSL Library Error
On Tue, Sep 11, 2007 at 03:34:13PM -0400, Aaron Smith wrote:
> Looking at the output of LDD closer,
On Tue, Sep 11, 2007 at 04:15:47PM -0400, Aaron Smith wrote:
> I'll see if I can figure out what's causing apache to link to 0.9.7. As
> far as I know, I've got all my environment variables set to look at the
> 0.9.8 libraries. It seems odd that the original compile would work
> though.
On any
EMAIL PROTECTED] On Behalf Of Victor Duchovni
Sent: Tuesday, September 11, 2007 4:12 PM
To: openssl-users@openssl.org
Subject: Re: SSL Library Error
On Tue, Sep 11, 2007 at 03:34:13PM -0400, Aaron Smith wrote:
> Looking at the output of LDD closer, it looks like the httpd binary is
> lin
On Tue, Sep 11, 2007 at 03:34:13PM -0400, Aaron Smith wrote:
> Looking at the output of LDD closer, it looks like the httpd binary is
> linked to both libraries. BUT, I don't think this is the cause of the
> problem as the httpd binary that DOES work is ALSO linked this way
Being linked to b
4e 00-00 00 10 .gN
This looks like SSL2 client hello with TLS1 proposition.
> [Tue Sep 11 10:10:43 2007] [info] SSL library error 1 in handshake
> (server ourserver.name.scrubbed:8040, client )
>
> [Tue Sep 11 10:10:43 2007] [info] SSL Library Error: 3360
@openssl.org
Subject: RE: SSL Library Error
Looking at the output of LDD closer, it looks like the httpd binary is
linked to both libraries. BUT, I don't think this is the cause of the
problem as the httpd binary that DOES work is ALSO linked this way
-Original Message-
From: [
D] On Behalf Of Victor Duchovni
Sent: Tuesday, September 11, 2007 1:57 PM
To: openssl-users@openssl.org
Subject: Re: SSL Library Error
On Tue, Sep 11, 2007 at 01:43:50PM -0400, Aaron Smith wrote:
> I apologize in advance if this is not the correct forum for this
> question. I haven't had
On Tue, Sep 11, 2007 at 01:43:50PM -0400, Aaron Smith wrote:
> I apologize in advance if this is not the correct forum for this
> question. I haven't had much luck in the apache forums. I have an
> apache 2.0.55 installation that I'm attempting to recompile on an HP-UX
> 11 system. It has mod_
_io.c(1490):
+---
--+
[Tue Sep 11 10:10:43 2007] [info] SSL library error 1 in handshake
(server ourserver.name.scrubbed:8040, client )
[Tue Sep 11 10:10:43 2007] [info] SSL Library Error: 336027900
error:14
SSLv3 read certificate verify A
> >[Fri Sep 07 16:54:46 2007] [info] SSL library error 1 in handshake
> >(server naos.lib.virginia.edu:443, client 128.143.12.29)
> >[Fri Sep 07 16:54:46 2007] [info] SSL Library Error: 336187530
> >error:1409D08A:SSL routines:SSL3_SETUP_KEY_BL
connection, encounter this (in part), and the connection drops:
[Fri Sep 07 16:54:46 2007] [debug] ssl_engine_kernel.c(1813): OpenSSL:
Exit: error in SSLv3 read certificate verify A
[Fri Sep 07 16:54:46 2007] [info] SSL library error 1 in handshake
(server naos.lib.virginia.edu:443, client
connection, encounter this (in part), and the connection drops:
[Fri Sep 07 16:54:46 2007] [debug] ssl_engine_kernel.c(1813): OpenSSL:
Exit: error in SSLv3 read certificate verify A
[Fri Sep 07 16:54:46 2007] [info] SSL library error 1 in handshake
(server naos.lib.virginia.edu:443, client
AIL PROTECTED]>@openssl.org on 06/04/2005
21.50.01
Please respond to openssl-users@openssl.org
Sent by:[EMAIL PROTECTED]
To:
cc:
Subject:SSL Library Error
Hi List,
can anyone point me to a solution for this ?
[Sat Apr 09 16:14:30 2005] [info] SSL library error 1 in handshake (ser
Hi List,
can anyone point me to a solution for this ?
[Sat Apr 09 16:14:30 2005] [info] SSL library error 1 in handshake (server
muc03306:443, client 149.235.163.228)
[Sat Apr 09 16:14:30 2005] [info] SSL Library Error: 336131157
error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or
Vladimir Litovka <[EMAIL PROTECTED]>:
> [Sun Sep 26 09:42:38 1999] [error] OpenSSL: error:0B080074:x509 certificate
> routines:X509_check_private_key:key values mismatch
>
> What does it mean?
Possible you installed the CA certificate instead of the certificate
created for your server (use "op
Hello!
Hello!
I'm trying to use Apache with mod_ssl but there is error, which Apache get
from OpenSSL library. The problem is: I've got signed certificates from
Thawte, but Apache doesn't start, when these .key&.crt used. There are
such messages in the error:
[Sun Sep 26 09:42:38 1999] [err
32 matches
Mail list logo
