Victor Trac wrote: > On Jan 12, 2008 3:34 PM, robingandhi21 <[EMAIL PROTECTED]> wrote: >> Please let me know if anybody have any idea of Apache2.2 being FIPS >> compliant?
> FIPS deals with encryption standards, not http service. Certain
> versions of OpenSSL are FIPS compliant, so as long as you use a
> certified version of OpenSSL in Apache, I suppose you are compliant.
That's not completely true.
There is some requirement that the apps that use the cryptographic
modules use them in "the right way". So its not just a matter of
slapping a certified OpenSSL in there. Alas, I don't know specifics of
what "the right way" consists of...the office of our security-focused
guy that really knows this stuff shares a wall with mine, but its not
me, so I'm not up on all the specifics.
--
Jeff McAdams
"They that can give up essential liberty to obtain a
little temporary safety deserve neither liberty nor safety."
-- Benjamin Franklin
signature.asc
Description: OpenPGP digital signature
