On Fri, Aug 27, 2010 at 2:05 PM, Brian Smith <br...@briansmith.org> wrote: > In accepting patches to implement TLS 1.2 and/or AES-GCM cipher suites, is a > (potentially-)FIPS-140-compliant implementation required? Or, would it be > acceptable in the short-term to have an implementation that is known to be > non-compliant and thus disabled in FIPS mode?
It is fine to be non-FIPS compliant when you add new crypto algorithms to the NSS softoken. You should do this work on the NSS trunk. NSS customers who must use a FIPS-validated softoken can stay on the NSS_3_12_BRANCH. I can review your patches. Wan-Teh -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
