Kyle Hamilton is right. The authoritative document is the NSS module's security policy, which is linked from their validation certificate (see above). That policy specifies how the module can be used in order to be FIPS 140-2 compliant.
According to the NIST FIPS 140-2 Implementation Guide (http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-2/FIPS1402IG.pdf) there are only a couple things you can do to a module once it's been validated: The vendor can fix non-security related bugs and update their validation (as opposed to a full re-validation of the module), and Users can build the module from sources for the purpose of porting to new platforms IFF the security policy includes specific build procedures. But the NSS security policy contains no such build procedures. Look at the OpenSSL policy for an example of one that does. That means NSS does not provide FIPS compliance on any platform other than the one they tested on. So, not on Windows. Not anywhere other than Red Hat Enterprise Linux on a few platforms. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
