Hello,
Is there a run-time option to disable all and every uses of elliptical
curves ?
If not, is there a compile option ?
Thanks.
--
View this message in context:
http://mozilla.6506.n7.nabble.com/Disabling-all-uses-of-elliptical-curves-tp354147.html
Sent from the Mozilla - Cryptography ma
Paul Wouters wrote:
> Why would that be the right choice?
Because this is the FIPS/CC way. Moreover, our FIPS/CC consultant have made
it clear.
This being said, a difference must be established between a unit, a hardware
unit, and software components running inside. It might very well be that
Paul Wouters wrote:
> So while I just added a check, it should be completely redundant.
Depends. I'd be wary of a system that proclaims itself FIPS enabled without
'seeing it with my own eyes'. So I am not convinced this is redundant.
> Those are done within the libraries and applications. Lib
Paul Wouters wrote:
> How is a library in FIPS mode when it hasn't yet initialised because
> the application has not kicked of yet? Do you actually initialise
> them using a test program?
Yes. This is the case for OpenSSL and GnuTLS. For NSS, as we have seen,
the FIPS initialisation is done ext
Paul Wouters wrote:
> Oh, I did not know about this one. I guess once we (the application)
> detect the system is in FIPS mode, we could verify that NSS is as
> well.
>> Finally, is there any example code out there that uses NSS in FIPS
>> mode ?
> libreswan uses NSS and supports a FIPS mode.
Robert Relyea wrote:
> The call PK11_IsFIPS() returns true if softoken is in FIPS mode. The
> dance to programatically is to call SECMOD_DeleteInternalModule(),
> which toggles the module between FIPS and non-FIPS modes.
Thanks. I will try it.
When are the self-tests run, from an application pe
Hello,
Please let me know if this is not the right place to ask about the
following...
I am new to NSS and would like to use it in FIPS mode. I do know
about OpenSSL and GnuTLS, both of them having explicit calls to
enabled FIPS mode. With NSS, so far I have seen that the modutil
non-programmat
Hello,
I am trying to get a list of the algorithms and ciphers supported by NSS 3.17
in FIPS mode. Not easy. Whereas OpenSSL and GnuTLS lists them at run-time, no
such thing seems to exist for NSS (correct me if I'm wrong). Is there then a
document, validation certification, that would list
Hello,
I am new to NSS. The goal is to use NSS in FIPS mode and to provide the OS
(Linux) some kind of notification when a FIPS error happens. I presume that
FIPS POST tests are run when NSS is put into FIPS mode using modutils. I also
assume that 'continuous, pair-wise tests as well as DRBG
9 matches
Mail list logo
