Chris,

On 1/7/2011 4:24 PM, Chris Beckey wrote:
> I need to run a FIPS 140-2 certified SSL/TLS implementation under
> Tomcat 6.0.20. I have OpenSSL configured and running but I cannot
> find a way to set FIPS mode in OpenSSL.

I don't think there's any way to configure OpenSSL via Tomcat other than
to specify the ciphers that OpenSSL will use for SSL.

> From the OpenSSL
> documentation it should be as simple as making a call to
> FIPS_mode_set(), probably from within the AprLifecycleListener but I
> can't find a configuration option nor any indication that
> FIPS_mode_set() method is visible in the tcnative library or JNI
> wrapper.

I can't find the string "fips" (case-insensitive) anywhere in the
tomcat-native code, so it must not be exposed.

> Question is, has anyone run OpenSSL under Tomcat in FIPS
> mode? Any help would be appreciated.

If you know the ciphers allowed by FIPS, you can just specify them in
your <Connector> configuration. Is that acceptable, or do you absolutely
need to have FIPS mode set? (I understand these things are sometimes
non-negotiable).

It doesn't look like it would be a big deal to add some code to allow
FIPS mode via the APR connector with OpenSSL. Would you be willing to
test some of that code?

-chris
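An added example, not part of the original message or of Tomcat: a name-based check of the `SSLCipherSuite` value on APR `<Connector>` elements, for the approach of listing ciphers in the connector configuration. The `NON_APPROVED` fragment list, the function names and the sample `server.xml` are assumptions made for illustration; the check inspects suite names only and does not put OpenSSL into FIPS mode.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: name fragments for algorithms outside the FIPS-approved set.
NON_APPROVED = ("RC4", "RC2", "MD5", "IDEA", "CAMELLIA", "SEED", "NULL", "EXP", "DES")

# Constructed sample, not taken from the thread.
SAMPLE_SERVER_XML = """<Server>
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
  <Service name="Catalina">
    <Connector port="8443" SSLEnabled="true"
               SSLCipherSuite="AES128-SHA:DES-CBC3-SHA:RC4-MD5:HIGH:!EXP"/>
    <Connector port="9443" SSLEnabled="true"/>
    <Connector port="8080"/>
  </Service>
</Server>"""

def audit_cipher_string(spec):
    """Return (item, reason) pairs for entries that need attention."""
    findings = []
    for item in re.split(r"[:, ]+", spec.strip()):
        if not item or item[0] in "!-@":      # exclusions and @STRENGTH add nothing
            continue
        name = item.lstrip("+")
        if "-" not in name or "+" in name:    # group keyword such as HIGH or kRSA+AES
            findings.append((name, "keyword: expand with 'openssl ciphers -v'"))
            continue
        # DES-CBC3 is triple DES; rename it so it is not mistaken for single DES.
        tokens = name.replace("DES-CBC3", "3DES").split("-")
        bad = sorted({b for b in NON_APPROVED for t in tokens if t.startswith(b)})
        if bad:
            findings.append((name, "non-approved: " + ",".join(bad)))
    return findings

def audit_server_xml(xml_text):
    """Map port -> findings for every SSL-enabled <Connector>."""
    report = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue
        spec = conn.get("SSLCipherSuite")
        if spec is None:
            report[conn.get("port", "?")] = [("SSLCipherSuite", "not set: default list applies")]
        else:
            report[conn.get("port", "?")] = audit_cipher_string(spec)
    return report

if __name__ == "__main__":
    for port, findings in audit_server_xml(SAMPLE_SERVER_XML).items():
        print(port, findings or "no findings")
```

Group keywords are reported rather than judged, because the suites they expand to depend on the OpenSSL build the connector is linked against.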