On Thu, Apr 23, 2009 at 1:51 PM, <ksreedha...@gmail.com> wrote:
> Hello,
>
> I am using Mozilla JSS provider from Java.
>
> JSS 4.2.5
> NSS 3.11.4
> NSPR 4.6.4
>
> When the FIPS RNG continuous tests fail, what is the behavior in NSS/
> JSS. What does it return. do we get an java exception to the calling
> function.
>
> For example, when Java code tries to establish a TLS Socket session,
> and this continuous tests fail during random number generation, do we
> get an exception to the socket creation code.
I guess so. In FIPS mode, once the continuous RNG test fails, the
NSS software crypto module ("softoken") enters an error state, and
all subsequent crypto operations will fail. I don't know how these
NSS errors will be reflected in Java, but JSS definitely won't be able
to do TLS.
Wan-Teh
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
