Hi, Last week I posted a message that I had problem with FIPS enabled openssl and httpd v2.4.3. I did a little bit test today and here is what I found. The original key and certificate was generated by openssl without FIPS enabled and the key was encrypted by AES 256. When I started httpd, it prompted me for the pass phrase. I typed in correct pass phrase but it kept prompting me that the pass phrase is not correct. If I disable FIPS for the mod_ssl, I don't have problem to provide the same pass phrase and start httpd.
I striped out the pass phrase from the original private key without any other changes and I can start httpd with FIPS enabled mod_ssl no problem. I recreated private key with AES 256 encrypted and a pass phrase (I have to provide a pass phrase) with FIPS enabled OpenSSL (v1.0.1c) and regenerated the certificate from my CA. When I started httpd, I got pass phrase prompt and I provided the correct pass phrase and it says the pass phrase is incorrect. My question is whether FIPS enabled mod_ssl supports pass phrase? It seems to me it does not. Thanks. Ryan Jiang This message (including any attachments) is intended solely for the specific individual(s) or entity(ies) named above, and may contain legally privileged and confidential information. If you are not the intended recipient, please notify the sender immediately by replying to this message and then delete it. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, by other than the intended recipient, is strictly prohibited. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
