SANDBOX httpd/branches/fips-dev explained:
This sandbox is for development around the FIPS 140-2 standard as implemented
by Ben Laurie and team of OpenSSL with the 0.9.7 versions. The effort for
OpenSSL FIPS certification is coordinated by the Open Source Software
Institute. OpenSSL 0.9.7 is in the process of certification testing. See:
http://oss-institute.org/index.php?option=content&task=view&id=109
The crypto layer itself is the object of certification. In this case,
that is encompassed in libcrypto.so. But libcrypto.so needs to be told to
enforce FIPS 140 policy, and mod_ssl needs to be adjusted to the FIPS 140
subset of permitted cryptography.
This effort is initially coordinated by Ben Laurie and Will Rowe; of course
all volunteers and feedback are welcome!
It is something of the cart before the horse; meant to demonstrate both the
need for the NIST to certify OpenSSL, and the proper application of a FIPS
build of the OpenSSL library.
Note this branch includes apr and apr-util until the authors figure out what
to do about apr MD5 and other FIPS issues are resolved. That work will be
submitted to the apr project, once the least disruptive change is
ascertained.
Note also that even when FIPS mode is off, operations using MD5 are
not possible.
Stuff FIPS requires
-------------------
Random number seeding: strangeness about the FIPS PRNG means that at
least one random source must supply at least 24 bytes of randomness in
a single chunk (note that this could be relaxed at the cost of more
code).
Certificates: must be signed using SHA-1.
Passwords: must be SHA-1 hashed.
httpd.conf:
SSLProtocol +TLSv1
SSLCipherSuite DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA
The cipher suites can, of course, be a subset of the above.
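
A check for the httpd.conf lines above, as an added example (not part of this
branch's code): it reports any SSLCipherSuite entry that is not an exact suite
name from the list above, and any SSLProtocol value other than +TLSv1. The
function name audit and the sample configuration are constructed for
illustration.

```python
import re

# Suite names from the SSLCipherSuite line on this page, one per entry.
PERMITTED = frozenset("""
DHE-RSA-AES256-SHA DHE-DSS-AES256-SHA AES256-SHA
EDH-RSA-DES-CBC3-SHA EDH-DSS-DES-CBC3-SHA DES-CBC3-SHA
DHE-RSA-AES128-SHA DHE-DSS-AES128-SHA AES128-SHA
EXP1024-DHE-DSS-DES-CBC-SHA EXP1024-DES-CBC-SHA
EDH-RSA-DES-CBC-SHA EDH-DSS-DES-CBC-SHA DES-CBC-SHA
EXP-EDH-RSA-DES-CBC-SHA EXP-EDH-DSS-DES-CBC-SHA EXP-DES-CBC-SHA
""".split())

# Lines starting with '#' never match, so comments are skipped.
DIRECTIVE = re.compile(r"^\s*(SSLProtocol|SSLCipherSuite)\s+(.+?)\s*$", re.I)

def audit(conf_text):
    """Return a list of (line_number, message) findings for conf_text."""
    findings, seen = [], set()
    for n, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        name, value = m.group(1).lower(), m.group(2)
        seen.add(name)
        if name == "sslprotocol":
            if value.split() != ["+TLSv1"]:
                findings.append((n, "SSLProtocol is not '+TLSv1': " + value))
        else:
            # Exact names only: aliases (HIGH, ALL) and operators (!, +, -)
            # expand at run time, so they are reported rather than trusted.
            for tok in re.split(r"[:,\s]+", value):
                if tok and tok not in PERMITTED:
                    findings.append((n, "suite not in permitted list: " + tok))
    for name in ("sslprotocol", "sslciphersuite"):
        if name not in seen:
            findings.append((0, "directive missing: " + name))
    return findings

# Constructed sample: RC4-MD5 and a fused token (missing ':') must be flagged.
SAMPLE = """\
SSLProtocol +TLSv1
SSLCipherSuite AES256-SHA:RC4-MD5:DHE-RSA-AES128-SHAEXP-DES-CBC-SHA
"""

if __name__ == "__main__":
    for lineno, msg in audit(SAMPLE):
        print(f"line {lineno}: {msg}")
```

A finding with line number 0 means the directive was not present at all.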
General: All crypto should be done via OpenSSL (or another FIPS
certified package). Any external packages using crypto must enable
FIPS mode in OpenSSL. The OpenSSL FIPS security policy must be
followed.
Note that because Apache sets FIPS mode in OpenSSL, other libraries or
modules using OpenSSL that coexist may exhibit unexpected behaviour
because of the restrictions FIPS mode imposes.
In particular, only DES, AES, RSA, DSA/DSS and SHA-1 can be
used. There is a special exception that permits the use of MD5 within
TLS, but not elsewhere.