A fair bit of work has been done to mod_nss, an SSL module for Apache
that uses NSS instead of OpenSSL, since it was released last September.
Changes since then include use the NSS OCSP client, addition of a FIPS
mode (similar to modutil -fips true -dbdir /path/to/database), options
to seed the NSS Random Number Generator, support for Apache 2.2 as well
as a number of important bug fixes.
If anyone is interested in trying this out I've created RPMS for RHEL 4
and Fedora Core 4 and 5. It should be as simple as installing a couple
of RPMS and firing up Apache. The default listener is 8443 since I don't
want it to interfere with any existing OpenSSL configuration. mod_nss
can co-exist with mod_ssl in the same server.
You can find out more about mod_nss and download the binaries and/or
source from http://directory.fedora.redhat.com/wiki/Mod_nss
cheers
rob
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
