On Apr 24, 10:03 am, Wan-Teh Chang <w...@google.com> wrote:
> On Thu, Apr 23, 2009 at 1:51 PM, <ksreedha...@gmail.com> wrote:
> > Hello,
>
> > I am using Mozilla JSS provider from Java.
>
> > JSS 4.2.5
> > NSS 3.11.4
> > NSPR 4.6.4
>
> > When the FIPS RNG continuous tests fail, what is the behavior in NSS/
> > JSS. What does it return. do we get an java exception to the calling
> > function.
>
> > For example, when Java code tries to establish a TLS Socket session,
> > and this continuous tests fail during random number generation, do we
> > get an exception to the socket creation code.
>
> I guess so. In FIPS mode, once the continuous RNG test fails, the
> NSS software crypto module ("softoken") enters an error state, and
> all subsequent crypto operations will fail. I don't know how these
> NSS errors will be reflected in Java, but JSS definitely won't be able
> to do TLS.
>
> Wan-Teh- Hide quoted text -
>
> - Show quoted text -
Thanks Wan for the reply.
I was also certain that JSS will not able to do TLS but it would be
helpful if a distinct exception/error is thrown incase of continuous
tests fail. It seems we need to flag/log these messages.
If any one can point me what kind of errors will be thrown, that would
be great.
Otherwise I may have to tweak the nss code.
Thanks,
Sreedhar
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
