On Sun, May 08, 2011 at 02:02:59PM -0600, The Doctor wrote: > Finally got fips to work, however > > 1) In either README or READ.FIPS, please state to compile FIPS, please use > GNU make. BSD make was choking > > 2) openssl version -a yields > > OpenSSL 1.1.0-fips-dev xx XXX xxxx > built on: Sun May 8 10:06:19 MDT 2011 > platform: debug-bsdi-x86-elf > options: bn(64,32) md2(int) rc4(4x,int) des(ptr,risc1,16,long) idea(int) > blowfish(idx) > compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB_SHARED -DZLIB -DOPENSSL_THREADS > -pthread -D_THREAD_SAFE -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -g -O2 -Wall > -DPERL5 -DL_ENDIAN -DTERMIOS -fomit-frame-pointer -O2 -Wall -g > -DOPENSSL_EXPERIMENTAL_JPAKE -DOPENSSL_EXPERIMENTAL_STORE > -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m > -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM > -DGHASH_ASM > > Please fix.
Additional, In Apache 2.2 I get [Sun May 08 15:39:25 2011] [notice] Apache/2.2.17 (Unix) DAV/2 configured -- res uming normal operations [Sun May 08 15:39:47 2011] [error] [client 127.0.0.1] Invalid method in request quit [Sun May 08 16:28:56 2011] [notice] caught SIGTERM, shutting down [Sun May 08 16:29:49 2011] [notice] Operating in SSL FIPS mode [Sun May 08 16:29:49 2011] [error] Init: Skipping generating temporary 512 bit R SA private key in FIPS mode [Sun May 08 16:29:49 2011] [error] Init: Skipping generating temporary 512 bit D H parameters in FIPS mode [Sun May 08 16:29:49 2011] [warn] RSA server certificate CommonName (CN) `ns2.nk .ca' does NOT match server name!? [Sun May 08 16:29:49 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/cont rib/bin/suexec) [Sun May 08 16:29:51 2011] [error] Init: Skipping generating temporary 512 bit R SA private key in FIPS mode [Sun May 08 16:29:51 2011] [error] Init: Failed to generate temporary 1024 bit R SA private key [Sun May 08 16:29:51 2011] [error] SSL Library Error: 755589263 error:2D09608F:F IPS routines:fips_check_rsa_prng:prng strength too low Configuration Failed [Sun May 08 16:31:18 2011] [notice] suEXEC mechanism enabled (wrapper: /usr/cont rib/bin/suexec) [Sun May 08 16:31:20 2011] [notice] Digest: generating secret for digest authent ication ... [Sun May 08 16:31:20 2011] [notice] Digest: done [Sun May 08 16:31:20 2011] [notice] Apache/2.2.17 (Unix) DAV/2 configured -- res uming normal operations All right what needs to be fixed? > > -- > Member - Liberal International This is doc...@nl2k.ab.ca Ici > doc...@nl2k.ab.ca > God, Queen and country! Never Satan President Republic! Beware AntiChrist > rising! > http://twitter.com/rootnl2k http://www.facebook.com/dyadallee > Stop Stephen Harper ! on 2 May 2011 vote ! > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List openssl-dev@openssl.org > Automated List Manager majord...@openssl.org -- Member - Liberal International This is doc...@nl2k.ab.ca Ici doc...@nl2k.ab.ca God, Queen and country! Never Satan President Republic! Beware AntiChrist rising! http://twitter.com/rootnl2k http://www.facebook.com/dyadallee Stop Stephen Harper ! on 2 May 2011 vote ! ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
