Gatfield, Geoffrey wrote:
> Hello,
>
> I'm working on converting our server to FIPS compliance. We provide user authentication using LDAP (with Mozilla LDAP C SDK) which uses NSS. To provide FIPS compliance can we just replace the NSS library with the FIPS compliant version? Does NSS automatically enable FIPS mode (assuming FIPS compliant encryption is requested)? Or do we need to replace/modify the LDAP SDK to properly enable FIPS compliance?
>
> Thanks,
> Geoff

You don't have to replace/modify our apps (in most cases), as long as they are configured correctly to obey the security policy (http://www.mozilla.org/projects/security/pki/nss/fips/secpolicy.pdf or you can fetch it from NIST here: http://csrc.nist.gov/cryptval/140-1/140sp/140sp815.pdf ).

In general, you need to configure fips in your NSS database (where the keys and certs are stored). Many applications have a way to do this from their UI. For all applications you can do this directly if you know where they store their NSS database using the modutil program:
http://www.mozilla.org/projects/security/pki/nss/tools/modutil.html

The command would be:

modutil -fips true -dbdir {location of your nss database}

bob

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
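The enable step from the reply above, wrapped with a before-and-after check, as an added example that is not part of the original thread. The function names and the `MODUTIL` override variable are hypothetical; the script assumes `modutil -chkfips true` exits non-zero when the database is not in FIPS mode and uses `-force` to skip modutil's interactive confirmation.

```shell
#!/bin/sh
# Added example (not from the thread): switch an NSS database to FIPS mode
# and verify that the switch took effect.
# MODUTIL is a hypothetical override for the modutil binary to run.
MODUTIL="${MODUTIL:-modutil}"

# nss_fips_enabled DBDIR
# Returns 0 when modutil reports the database's internal module is in FIPS mode.
# Assumption: "-chkfips true" exits non-zero when the mode does not match.
nss_fips_enabled() {
    "$MODUTIL" -chkfips true -dbdir "$1" >/dev/null 2>&1
}

# ensure_nss_fips DBDIR
# Returns 0 if FIPS mode is on (already, or after switching),
#         1 if the database directory does not exist,
#         2 if the switch failed or did not take effect.
ensure_nss_fips() {
    dbdir="$1"
    # Accept the optional "sql:" / "dbm:" database-type prefix.
    case "$dbdir" in
        sql:*|dbm:*) path=${dbdir#*:} ;;
        *)           path=$dbdir ;;
    esac
    if [ ! -d "$path" ]; then
        echo "NSS database directory not found: $path" >&2
        return 1
    fi
    if nss_fips_enabled "$dbdir"; then
        echo "FIPS mode already enabled for $dbdir" >&2
        return 0
    fi
    # Stop the application that owns the database before switching modes.
    if ! "$MODUTIL" -force -fips true -dbdir "$dbdir" >/dev/null 2>&1; then
        echo "modutil could not switch $dbdir to FIPS mode" >&2
        return 2
    fi
    # Do not trust the switch until the check confirms it.
    if ! nss_fips_enabled "$dbdir"; then
        echo "FIPS mode still disabled for $dbdir after switch" >&2
        return 2
    fi
    echo "FIPS mode enabled for $dbdir" >&2
    return 0
}

# Usage: sh ensure_fips.sh {location of your nss database}
if [ $# -gt 0 ]; then ensure_nss_fips "$1"; fi
```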