re will be followed.
>> It is still a Wish that OpenSource applications and libraries
>> in general should log errors in a standardized way,
> The audit kernel subsystem (that libreswan also supports) is such an
> attempt.
Interesting.
--
View this message in context:
http://moz
On Fri, 22 Jan 2016, jonetsu wrote:
For instance if the system at boot finds a FIPS-related error then it should
stop everything. For instance binary integrity failure. Report using one of
the FIPS logical interfaces and reboot. No library or application will do
that.
Why would that be the ri
rs.
--
View this message in context:
http://mozilla.6506.n7.nabble.com/Using-NSS-in-FIPS-mode-tp350446p350498.html
Sent from the Mozilla - Cryptography mailing list archive at Nabble.com.
smime.p7s
Description: S/MIME Cryptographic Signature
--
dev-tech-crypto mailing list
dev-tech-crypto@lis
lent ! :)
--
View this message in context:
http://mozilla.6506.n7.nabble.com/Using-NSS-in-FIPS-mode-tp350446p350523.html
Sent from the Mozilla - Cryptography mailing list archive at Nabble.com.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
On Fri, 22 Jan 2016, jonetsu wrote:
Paul Wouters wrote:
How is a library in FIPS mode when it hasn't yet initialised because
the application has not kicked of yet? Do you actually initialise
them using a test program?
Yes. This is the case for OpenSSL and GnuTLS. For NSS, as we have seen,
S consists of enabling the self-tests.
No restrictions on algorithms, etc, are applied.
Hmmm... Do you mean that the current libreswan does not fully support FIPS ?
:)
--
View this message in context:
http://mozilla.6506.n7.nabble.com/Using-NSS-in-FIPS-mode-tp350446p350515.html
Sent from th
On Fri, 22 Jan 2016, jonetsu wrote:
libreswan uses NSS and supports a FIPS mode.
I know. I wouldn't call libreswan 'example code', though :)
I have browsed the code although did not find what I was looking for,
which is exactly what you mentioned above. In our systems we have to
verify that
oot, before applications
are kicking off.
Cheers.
--
View this message in context:
http://mozilla.6506.n7.nabble.com/Using-NSS-in-FIPS-mode-tp350446p350499.html
Sent from the Mozilla - Cryptography mailing list archive at Nabble.com.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozill
n to flip to FIPS mode.
I should have mentioned that the application is in C and is by no way
related to Firefox.
Comments much appreciated, cheers.
--
View this message in context:
http://mozilla.6506.n7.nabble.com/Using-NSS-in-FIPS-mode-tp350446p350498.html
Sent from the Mozilla - Cryptogr
On Thu, 21 Jan 2016, Robert Relyea wrote:
The call PK11_IsFIPS() returns true if softoken is in FIPS mode.
Oh, I did not know about this one. I guess once we (the application)
detect the system is in FIPS mode, we could verify that NSS is as well.
Finally, is there any example code out ther
ments, suggestions appreciated, thanks.
--
View this message in context:
http://mozilla.6506.n7.nabble.com/Using-NSS-in-FIPS-mode-tp350446.html
Sent from the Mozilla - Cryptography mailing list archive at Nabble.com.
smime.p7s
Description: S/MIME Cryptographic Signature
--
dev-tech-crypto ma
of NSS if an application tries to use a
non-approved algorithm ?
Finally, is there any example code out there that uses NSS in FIPS
mode ?
Any comments, suggestions appreciated, thanks.
--
View this message in context:
http://mozilla.6506.n7.nabble.com/Using-NSS-in-FIPS-mode-tp350446.html
12 matches
Mail list logo
