I had read the security policy and thought that was the case. Seemed too easy so I just wanted confirmation.
Thanks
Geoff

-----Original Message-----
From: Robert Relyea [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 06, 2007 2:31 PM
To: Gatfield, Geoffrey
Cc: dev-tech-crypto@lists.mozilla.org
Subject: Re: Enabling FIPS mode

Gatfield, Geoffrey wrote:
> Hello,
>
> I'm working on converting our server to FIPS compliance. We provide user
> authentication using LDAP (with Mozilla LDAP C SDK) which uses NSS. To
> provide FIPS compliance can we just replace the NSS library with the
> FIPS compliant version? Does NSS automatically enable FIPS mode
> (assuming FIPS compliant encryption is requested)? Or do we need to
> replace/modify the LDAP SDK to properly enable FIPS compliance?
>

You don't have to replace/modify our apps (in most cases), as long as they are configured correctly to obey the security policy (http://www.mozilla.org/projects/security/pki/nss/fips/secpolicy.pdf or you can fetch it from NIST here: http://csrc.nist.gov/cryptval/140-1/140sp/140sp815.pdf ).

In general, you need to configure fips in your NSS database (where the keys and certs are stored). Many applications have a way to do this from their UI. For all applications you can do this directly if you know where they store their NSS database using the modutil program; http://www.mozilla.org/projects/security/pki/nss/tools/modutil.html

The command would be:

modutil -fips true -dbdir {location of your nss database}

bob

> Thanks,
>
> Geoff

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
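
The modutil step from the reply above, scripted with a check that the switch actually took effect. This is an added example, not part of the original thread: it assumes the NSS `modutil` tool is on PATH and uses its `-force` and `-chkfips` options, which the thread does not mention; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: enable FIPS mode on an NSS database and confirm the result.
# Assumption: modutil (NSS tools) is installed and on PATH.
# Usage (after sourcing this file): enable_fips /path/to/nss/database

# nss_db_present DIR: succeed if DIR holds an NSS module database
# (secmod.db in the legacy DBM format, pkcs11.txt in the SQLite format).
nss_db_present() {
    [ -d "$1" ] && { [ -f "$1/secmod.db" ] || [ -f "$1/pkcs11.txt" ]; }
}

# enable_fips DIR: switch the database in DIR to FIPS mode and verify it.
# Returns 0 only when modutil reports FIPS mode as enabled afterwards,
# 2 when DIR does not look like an NSS database, non-zero otherwise.
enable_fips() {
    dbdir=$1
    if ! nss_db_present "$dbdir"; then
        echo "no NSS database found in $dbdir" >&2
        return 2
    fi
    # Already in FIPS mode: leave the database untouched.
    if modutil -chkfips true -dbdir "$dbdir" >/dev/null 2>&1; then
        return 0
    fi
    # -force suppresses the interactive confirmation prompt, so stop the
    # application that owns the database before running this.
    modutil -force -fips true -dbdir "$dbdir" >/dev/null || return 1
    # Do not assume the switch worked; ask modutil to confirm the mode.
    modutil -chkfips true -dbdir "$dbdir" >/dev/null
}
```

A non-zero return from the final check means the database is still not in FIPS mode and the application should not be treated as compliant with the security policy.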