On 6/27/06, John W. Hill <[log in to unmask]> wrote:
> I'm running SL_4.2 and I am required by my employer to begin using
> OpenSSL-fips-2.0 within a few weeks. I don't have a problem building and
> installing from the source, however, I'm not sure what other
> applications I will break once the new openssl takes over.What do I do
> with the existing OpenSSL, leave it, remove it?  I'm also running SSH
> and VSFTPD on this server. Any recommendations on how best to approach
> this? Thanks.
>

There are several factors driving towards  using FIPS SSL. If you are
supposed to use it in your project and that alone then you could
install it in /usr/local and use that for your development. If your
parent agency is needing FIPS compliant for all of its computers then
you will need to do a large rebuilding process for all applications
that link to the SSL libraries.

Basically, you could build a new FIPS openssl rpm and then rebuild the
following packages:

NetworkManager-0:0.3.1-3.i386
xmlsec1-openssl-0:1.2.6-3.i386
perl-Crypt-SSLeay-0:0.51-5.i386
kdelibs-6:3.3.1-3.14.i386
crypto-utils-0:2.1-4.i386
openssl-devel-0:0.9.7a-43.8.i386
mod_ssl-1:2.0.52-22.ent.i386
authd-0:1.4.3-2.i386
libpcap-14:0.8.3-10.RHEL4.i386
openldap-servers-0:2.2.13-4.i386
xmlsec1-openssl-devel-0:1.2.6-3.i386
sendmail-0:8.13.1-2.i386
dovecot-0:0.99.11-2.EL4.1.i386
tog-pegasus-1:2.4.1-4.4.rhel4.i386
exim-0:4.43-1.RHEL4.5.i386
curl-0:7.12.1-8.rhel4.i386
openssl-perl-0:0.9.7a-43.8.i386
postfix-2:2.1.5-4.2.RHEL4.i386



> John
>
> --
> +-----------------------------------+
> + John W. Hill, Electronic Engineer +
> + NOAA Aircraft Operations Center   +
> + Science and Engineering Division  +
> + MacDill AFB, FL 33608             +
> +                                   +
> + Office: 813.828.3310 x3108        +
> + Cell:   813.833.8518              +
> + FAX:    813.828.5061              +
> +-----------------------------------+
>
>
>
>


-- 
Stephen J Smoogen.
CSIRT/Linux System Administrator