Thanks for responding, David -
If the Mozilla JCA isn't JSS compatible then I'm barking up the wrong tree.
I see you included the PKCS#11 Java doc, but how do you ensure Sun's PKCS#11 
uses NSS? I see that you need to set the configuration directives - but I have 
no idea how to "set configuration directives"?
Are they talking about Java VM command line option setting? 
Does NSS have a document that shows how to set these directives?
Anna.

--- On Wed, 1/27/10, David Stutzman <dstutz.m...@nospam.dstutz.com> wrote:

From: David Stutzman <dstutz.m...@nospam.dstutz.com>
Subject: Re: Mozilla-JSS in FIPS compliant mode
To: dev-tech-crypto@lists.mozilla.org
Date: Wednesday, January 27, 2010, 4:22 AM

> Has anyone ever seen this or does anyone have an idea of how I can get
> this crypto provider to be “installed” and utilized in a fips compliant
> mode per sun java docs?

I *thought* that JSS wasn't a JSSE implementation and you needed to write JSS 
specific code to do SSL sockets but I might be wrong.  An alternative to using 
JBOSS->JSS->NSS is just configuring Java to use NSS directly through the 
PKCS#11 interface.  You can configure the bridge in FIPS mode.

http://java.sun.com/javase/6/docs/technotes/guides/security/p11guide.html#NSS

I do use JSS for SSL using the JSS socket factories for both HTTP and LDAP.  I 
actually like it a lot better than JSSE.  I don't currently, but have played 
around with accessing NSS through the Sun PKCS11 bridge and it does work.  
Unfortunately I've never set up a Java App Server to use any of it so I can't 
help you directly with that.

Dave
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
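
Added example, not part of the original thread and not code from either poster: in the Sun PKCS#11 guide linked above, the "configuration directives" are lines in a provider configuration file rather than JVM command-line options, and `nssModule = fips` selects the NSS FIPS token. The class name, the two directory paths and the provider name suffix `NSSfips` are assumptions to replace with your own values; the NSS database is assumed to be in FIPS mode already.

```java
import java.io.Console;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;

public class NssFipsProvider {
    // Placeholder paths (assumptions): the directory holding the NSS shared
    // libraries and an NSS database directory already switched to FIPS mode.
    static final String NSS_LIB_DIR = "/usr/lib64";
    static final String NSS_DB_DIR = "/etc/pki/nssdb-fips";

    // Directives for the SunPKCS11 provider; the registered provider name
    // becomes "SunPKCS11-" + the value of "name".
    static String config() {
        return String.join("\n",
            "name = NSSfips",
            "nssLibraryDirectory = " + NSS_LIB_DIR,
            "nssSecmodDirectory = " + NSS_DB_DIR,
            "nssModule = fips") + "\n";
    }

    public static void main(String[] args) throws Exception {
        Path cfg = Files.createTempFile("nss-fips", ".cfg");
        Files.write(cfg, config().getBytes(StandardCharsets.UTF_8));

        // Java 9+: configure the built-in SunPKCS11 provider from the file.
        // Java 6-8 equivalent: new sun.security.pkcs11.SunPKCS11(cfg.toString())
        Provider p = Security.getProvider("SunPKCS11").configure(cfg.toString());
        Security.addProvider(p);

        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException("run from a terminal to enter the token password");
        }
        // The FIPS token requires authentication before keys can be used.
        char[] pin = console.readPassword("NSS token password: ");
        try {
            KeyStore ks = KeyStore.getInstance("PKCS11", p);
            ks.load(null, pin);
            System.out.println(p.getName() + " loaded, " + ks.size() + " entries");
        } finally {
            Arrays.fill(pin, '\0'); // do not leave the password in memory
        }
    }
}
```

On Java 6 to 8 the same file can instead be registered statically in `java.security` with a line of the form `security.provider.N=sun.security.pkcs11.SunPKCS11 /path/to/nss-fips.cfg`.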


      