-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Lesley and Rémy,
On 2/12/16 5:50 PM, Rémy Maucherat wrote: > 2016-02-12 23:32 GMT+01:00 Lesley Kimmel > <lesley.j.kim...@gmail.com>: > >> Thanks, Chris and Remy. Your comments got me thinking about >> something I hadn't considered...EPEL. tc-native is available on >> EPEL as tomcat-native. It turns out that this may not need to be >> compiled against a FIPS-capable OpenSSL so long as the OpenSSL >> installation on the target system is FIPS-capable. I installed >> this package and set 'FIPSMode="on"' for the APRLifecycleListener >> and I can see in catalina-<data>.log: >> >> INFO: Initializing FIPS mode... Feb 12, 2016 10:28:49 PM >> org.apache.catalina.core.AprLifecycleListener initializeSSL INFO: >> Successfully entered FIPS mode > > Nice. Double nice. That's about as easy as it could have been, eh? > On the distributions, there's never any static linking for > libraries. Of course, it can cause compatibility issues, but when > there's an OpenSSL CVE, it's actually more manageable. +1 Glad you got it working, Lesley. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAla+ZqEACgkQ9CaO5/Lv0PA+TACfdcwnLE4eI7ET+VYxrYLHNY0G PnMAoJU7dH2WyuRY6BAy12YsjUFwDBWy =DA3m -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
