On 03/06/2011 15:51, Petr Hracek wrote:
> Dear developers,
>
> I have tried to find out on the web what is the correct way
> how to compile http2 so that it will be compliant with FIPS 140-2.
>
> I have already built up OpenSSL libraries with FIPS and development
> files as well.
> I have tried to run ./configure --with-ssl=<path_to_openSSL_FIPS_libraries>
> and it seems to be good but how can I call make?
>
> like: make CC=fipsld FIPSLD_CC=gcc ?
>
If you are linking to the OpenSSL shared libraries you don't need to do anything special at all. It is only if you do a static build that you need to use the fipsld script.

You can test the build by enabling FIPS mode in the configuration file: the log file should confirm it is in FIPS mode. In that mode you shouldn't be able to connect with a non-FIPS ciphersuite such as one including RC4.

Note that just compiling and enabling FIPS mode doesn't guarantee compliance: you also need to adhere to the requirements of the security policy.

Steve.
--
Dr Stephen N. Henson. Senior Technical/Cryptography Advisor,
Open Source Software Institute: www.oss-institute.org
OpenSSL Core team: www.openssl.org
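
The connection test described in the reply above, as an added example that is not part of the original thread: a script for checking your own server after enabling FIPS mode. The cipher names RC4-SHA and AES128-SHA, the host:port argument and the "Cipher is ..." line matched in s_client output are assumptions of this example.

```shell
#!/bin/sh
# Added example: check that a server in FIPS mode refuses a non-FIPS cipher.
# Usage (assumed): sh fipscheck.sh host:port

# Print "accepted" only if the s_client output in $1 shows that the cipher
# requested in $2 was negotiated. A handshake that lands on any other
# cipher, or on none, counts as "rejected".
classify_handshake() {
    case "$1" in
        *"Cipher is $2"*) echo accepted ;;
        *)                echo rejected ;;
    esac
}

# The local client must support the cipher itself; otherwise a failed
# handshake says nothing about the server.
client_has_cipher() {
    openssl ciphers "$1" >/dev/null 2>&1
}

# probe HOST:PORT CIPHER -> prints accepted | rejected | untestable
probe() {
    if ! client_has_cipher "$2"; then
        echo untestable
        return 0
    fi
    out=$(openssl s_client -connect "$1" -cipher "$2" </dev/null 2>&1) || true
    classify_handshake "$out" "$2"
}

# verdict RC4_RESULT AES_RESULT -> prints the conclusion
verdict() {
    case "$1/$2" in
        rejected/accepted) echo "consistent with FIPS mode" ;;
        accepted/*)        echo "non-FIPS cipher accepted: FIPS mode not active" ;;
        untestable/*)      echo "client lacks the non-FIPS cipher: result untestable" ;;
        *)                 echo "inconclusive: no handshake with the approved cipher" ;;
    esac
}

# Only touch the network when a target is given on the command line.
if [ "$#" -ge 1 ]; then
    verdict "$(probe "$1" RC4-SHA)" "$(probe "$1" AES128-SHA)"
fi
```

A result of "consistent with FIPS mode" only confirms the cipher restriction; the security policy requirements mentioned in the reply still apply.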
