Configurable FIPS mode
March 17, 2015 03:23AM
There does not seem to be a way to enable FIPS mode on the application level. Currently we solve this by compiling nginx ourselves after adding FIPS_mode_set(1) after the SSL library initialization code in systems where we require it. It would be nice to have native optional support for this.

For reference, apache's mod_ssl has this support: http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslfips, so a similiar setting would probably be useful for others as well.
Re: Configurable FIPS mode
November 03, 2015 03:13PM
I'd also love to see this supported out of the box. I can't imagine it's particularly difficult, but given that I'm not a C guy, I don't dare attempt a PR.

teemu, any chance you can share the patch file you use to achieve fips module support? I'd love to compare notes.
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 254
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready