我使用mod_ssl / OpenSSL构建Apache以实现FIPS兼容性(我正在Windows环境中构建和安装)并且它在本地运行。我可以做到以下几点:
openssl md5 C:\path\to\random\file.txt # this will succeed and spit out hash info
set OPENSSL_FIPS=1
openssl md5 C:\path\to\random\file.txt # this will fail and spit out an error about MD5 being disabled in FIPS mode
openssl sha1 C:\path\to\random\file.txt # this will succeed and spit out hash info
但是当我将我的Apache构建(整个bin目录和模块目录)复制到我们尝试运行相同命令的现有内部SSL测试平台时,任何使用openssl执行散列(md5或sha1)都会给出我有以下错误:
1444:error:2D06B06F:FIPS routines:FIPS_check_incore_fingerprint:fingerprint does not match:.\fips\fips.c:232:
将它复制到另一台机器时会导致它中断的原因是什么?想法?