Microsoft FIPS implementation is broken. I tried to use it with the GPO enabled for communication between Postfix mail gateway and Exchange 2007 and it did not work. Troubleshooting revealed the FIPS issue. I called into Microsoft and they are aware of the problem, however they have no plans to fix it. Choices now are to upgrade to Vista and/or Windows 2008 Beta 3 (currently used on M$ web site, and quite stable), unfortunately.
Edward Ray (SecAdmin) CCIE Security, CISSP, GCIA Gold, GCIH Gold, MCSE Security, PE -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bennett, Darren L. Sent: Thursday, August 02, 2007 10:29 AM To: openssl-users@openssl.org Subject: OpenSSL (FIPS) w/Apache on Windows I've been working on compiling mod_ssl.so for use with Apache 2.x on Windows. Following the OpenSSLFips install instructions I am able to build the FIPS modules and then build OpenSSL with those modules. I then compile Apache using the OpenSSL built with the modules and it compiles. Unfortunately, when I start Apache, it loads all modules except mod_ssl.so (it dies on this module). The error I get is "The Apache2.2 service is successfully installed. Testing httpd.conf.... Errors reported here must be corrected before the service can be started. httpd.exe: Syntax error on line 114 of C:/apache/apache2/conf/httpd.conf: Cannot load C:/apache/apache2/modules/mod_ssl.so into server: The operating system can not run %1." I've looked at the dependencies for mod_ssl.so using dependency walker and there are several that come up as unmet. Some of which do exist, but when I try and load them manually from the command line, they do not load (the act as if the OS doesn't recognize them as .dll files). If anyone knows the process to build ssl FIPS support into apache for windows, assistance would be appreciated. If not, can anyone provide guidance on resolving the issues I'm seeing? I am NOT a programmer, so I have limited knowledge in that regard. Thanks Much! Darren Bennett CISSP/Linux Expert/MCSE+I/MCSA/Member-SANS Advisory Board SAIC 858-826-2204 (Voice) 858-826-6478 (Fax) "Opportunity is missed by most people because it is dressed in overalls and looks like work." - Thomas A. Edison ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] -- This mail was scanned by BitDefender For more informations please visit http://www.bitdefender.com -- This mail was scanned by BitDefender For more informations please visit http://www.bitdefender.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
