https://issues.apache.org/bugzilla/show_bug.cgi?id=46270





--- Comment #3 from Dr Stephen Henson <[EMAIL PROTECTED]>  2008-11-24 10:55:43 PST ---
(In reply to comment #1)
> Steve...
> 
> when Ben and I each worked on this initially, we came to the conclusion that
> httpd+mod_ssl should either be compiled to fips-140 binaries, with all of the
> encumbrances that places on the implementation, or compiled to the flexibility
> that non-fips offers.
> 
> Do you object if this became a compile-time flag?
> 

Had a bit of feedback on this. 

Adding a compile-time flag is OK. 

However making it always-on is likely to cause problems with distros needing to
have two binaries. I'd prefer the configuration option is kept too so the same
binary can work as FIPS and non-FIPS.

The encumbrances in the 1.2 FIPS module are rather less than those in the
original. Now an application can just link against shared libraries, which
otherwise behave in exactly the same way as OpenSSL 0.9.8. 

In 1.0 and 1.1 shared libraries were not supported and you had to use a special
static only link procedure.

