Re: intermittent Apache/OpenSSL error hangs server

2020-01-09 Thread Jerry Blasdel
at 7:21 AM Jerry Blasdel wrote: > I have several servers configured the same, running Apache > 2.4X/OpenSSL1.02 fips-enabled. > > On one server we periodically get the following errors in the Apache logs: > > SSL Library Error: error:xx:FIPS_drbg_generate:selftest failed

intermittent Apache/OpenSSL error hangs server

2020-01-07 Thread Jerry Blasdel
I have several servers configured the same, running Apache 2.4X/OpenSSL1.02 fips-enabled. On one server we periodically get the following errors in the Apache logs: SSL Library Error: error:xx:FIPS_drbg_generate:selftest failed. In some cases, the server continues to service requests, but

Re: SHA256 Apache HTTPD/OpenSSL

2014-04-04 Thread Jerry Blasdel
My problem was that my server certificate was not SHA-256 capable. As soon as I generated a new server certificate based on an openssl that supported SHA-256, I was able to communicate with the server. From: Jerry Blasdel/USA/CSC@CSC To: openssl-users@openssl.org Date: 04/03/2014

SHA256 Apache HTTPD/OpenSSL

2014-04-03 Thread Jerry Blasdel
We have built the following: httpd-2.4.6 openssl-1.0.1.e openssl-fips-2.05 for both Windows and Solaris so we can leverage SHA256. For both environments I have Apache configured with the following: SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 On Windows, this works. I can use a Browser to hit the

Re: FIPS enable Apache 2.4.3 with OpenSSL 1.0.1c-fips

2013-01-10 Thread Jerry Blasdel
in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. From: Jerry Blasdel/USA/CSC To: Steve Marquess

Re: FIPS enable Apache 2.4.3 with OpenSSL 1.0.1c-fips

2013-01-04 Thread Jerry Blasdel
or government initiative expressly permitting the use of e-mail for such purpose. From: Steve Marquess marqu...@opensslfoundation.com To: openssl-users@openssl.org Cc: Jerry Blasdel/USA/CSC@CSC Date: 12/18/2012 09:21 AM Subject:Re: FIPS enable Apache 2.4.3 with OpenSSL 1.0.1c-fips

Re: FIPS enable Apache 2.4.3 with OpenSSL 1.0.1c-fips

2012-12-20 Thread Jerry Blasdel
To: openssl-users@openssl.org Cc: Jerry Blasdel/USA/CSC@CSC Date: 12/18/2012 09:21 AM Subject:Re: FIPS enable Apache 2.4.3 with OpenSSL 1.0.1c-fips On 12/18/2012 08:57 AM, Jerry Blasdel wrote: Steve, That was a typing error. I verified that I am building: Extracting OpenSSL Fips

Re: FIPS enable Apache 2.4.3 with OpenSSL 1.0.1c-fips

2012-12-18 Thread Jerry Blasdel
or government initiative expressly permitting the use of e-mail for such purpose. From: Steve Marquess marqu...@opensslfoundation.com To: Jerry Blasdel/USA/CSC@CSC Cc: openssl-users@openssl.org Date: 12/17/2012 03:20 PM Subject:Re: FIPS enable Apache 2.4.3 with OpenSSL 1.0.1c

FIPS enable Apache 2.4.3 with OpenSSL 1.0.1c-fips

2012-12-17 Thread Jerry Blasdel
All, We are trying to get a FIPS enabled Apache 2.4.3 built with OpenSSL 1.01. Everything appeared to build correctly but when we try to start Apache with SSLFIPS on directive we get the following error: [Mon Dec 17 17:22:15.355149 2012] [mpm_worker:notice] [pid 10612:tid 1] AH00292:

Re: FIPS enable Apache 2.4.3 with OpenSSL 1.0.1c-fips

2012-12-17 Thread Jerry Blasdel
...@opensslfoundation.com To: openssl-users@openssl.org Cc: Jerry Blasdel/USA/CSC@CSC Date: 12/17/2012 02:59 PM Subject:Re: FIPS enable Apache 2.4.3 with OpenSSL 1.0.1c-fips On 12/17/2012 12:32 PM, Jerry Blasdel wrote: All, We are trying to get a FIPS enabled Apache 2.4.3 built