Re: Are NSS bug fix releases still FIPS 140-2 certified?

2017-04-12 Thread Julien Pierre
Ernie, On 4/10/2017 2:58 PM, Ernie Kovak wrote: That means NSS does not provide FIPS compliance on any platform other than the one they tested on. So, not on Windows. Not anywhere other than Red Hat Enterprise Linux on a few platforms. Many other vendors have done NSS FIPS validation on

Re: NSS open multiple NSS-Databses at once?

2017-01-10 Thread Julien Pierre
I think the main restriction you are likely to run into is with trust. You can likely explain how this works far better than I can, but I think essentially, you can't treat your multiple cert/key databases as entirely separate for purposes of trust. Ie. if you try to trust one CA in one

Re: Problem on building NSS with Windows

2016-08-20 Thread Julien Pierre
This is an issue with the shell's inability to run "pwd.exe". It may be either a built-in shell, or a separately configured shell. What is the value of the SHELL environment variable, if any ? See https://www.gnu.org/software/make/manual/make.html#Choosing-the-Shell for more details. "shell

Re: Problem on building NSS with Windows

2016-08-19 Thread Julien Pierre
is is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. This program built for i686-pc-msys32 2016-08-20 9:24 GMT+08:00 Julien Pierre <julien.pie...@oracle.com>: Which version of GNU make do you h

Re: Problem on building NSS with Windows

2016-08-19 Thread Julien Pierre
Which version of GNU make do you have in your PATH ? The NSS build system tries to get the absolute location of all source files. It does so to facilitate debugging, so that debug binaries can automatically locate the files in a debugger. It uses gmake macros/function that don't work in very

Re: [ANNOUNCE] NSS 3.24 Release

2016-05-23 Thread Julien Pierre
Kai, On 5/22/2016 13:45, Kai Engert wrote: Notable Changes: * The following functions have been deprecated (applications should use the new SSL_ConfigServerCert function instead): * SSL_SetStapledOCSPResponses * SSL_SetSignedCertTimestamps * SSL_ConfigSecureServer *

Re: Cipher suits, signature algorithms, curves in Firefox

2016-05-06 Thread Julien Pierre
Zoogtfyz, On 5/6/2016 07:34, Zoogtfyz wrote: Websites that prefer AES-256, such as internal websites, can always instruct their users/customers to toggle a switch in Firefox to enable AES-256. I am proposing having AES-256 ciphersuits toggled off by default. IMO, that is impractical. I

Re: RFC7512 PKCS#11 URI support

2016-04-07 Thread Julien Pierre
David, On 4/7/2016 15:49, David Woodhouse wrote: On Thu, 2016-04-07 at 05:01 -0700, Julien Pierre wrote: The problem really stems from the design of NSS, specifically the CERTCertificate*, which maps to a unique DER encoded cert, but not to a single PKCS#11 object in a single token. Since

Re: RFC7512 PKCS#11 URI support

2016-04-07 Thread Julien Pierre
David, Responses inline. - Original Message - > It certainly makes sense to add a new function which can locate objects > *purely* by their PKCS#11 URI. And if I can spend a little time trying > to properly understand the reasons you currently eschew > PK11_FindCertsFromNickname(),

Re: RFC7512 PKCS#11 URI support

2016-04-06 Thread Julien Pierre
David, On 4/6/2016 05:57, David Woodhouse wrote: I also want to mention that there are some fairly major deficiencies in NSS when it comes to finding certificates. The nickname only represents a subject. It does not uniquely identify a certificate. Even token:nickname - which is really

Re: RFC7512 PKCS#11 URI support

2016-04-05 Thread Julien Pierre
The API itself may not have been documented, but products using the API have documented this token:nickname usage. That is the case for some Oracle server products. Now, I can't say that we really envisioned anyone entering a URI in the nickname field of our server config files. It would

Re: [NSS] X509 Certificate Chain Verification Example

2016-02-10 Thread Julien Pierre
e there are some issues with the processing made by Cert_PKIXVerifyCert function. Thank You, Nicholas 2016-02-06 2:42 GMT+01:00 Julien Pierre <julien.pie...@oracle.com>: Nicholas, It looks like cert_pi_certList is indeed never processed. So that seems to be unimplemented. I'm not

Re: [NSS] X509 Certificate Chain Verification Example

2016-02-10 Thread Julien Pierre
never do so unless you have some other trusted proof that you should do so - say, a signed message from a CA you already trust. If you start your app without any trusted CA in your DB, you will not have any real security. Julien On 2/10/2016 16:30, Julien Pierre wrote: Nicholas, Your root

Re: [NSS] X509 Certificate Chain Verification Example

2016-02-05 Thread Julien Pierre
ror. And also if I change the certificate usage parameter, I got this error. So, is there something wrong in the code I have written? Thanks, Nicholas 2016-02-04 1:14 GMT+01:00 Julien Pierre <julien.pie...@oracle.com>: CERT_VerifyCertNow is a legacy API that does not support the full set o

Re: Prevent "proxyfying" PKCS#11

2015-09-29 Thread Julien Pierre
Erwann, On 9/28/2015 12:21, Erwann Abalea wrote: I mistaken with Firefox, which still supports NPAPI, and all Java applets are in "click-to-play" mode. OK, great ! I certainly need Java in the browser, for other reasons (running a scanner applet to use with my bank). Then you can't use an

Re: Prevent "proxyfying" PKCS#11

2015-09-29 Thread Julien Pierre
Yes, I think you are right, and we have digressed. On 9/28/2015 17:30, Robert Relyea wrote: On 09/25/2015 09:13 AM, Erwann Abalea wrote: Le vendredi 25 septembre 2015 14:39:04 UTC+2, helpcrypto helpcrypto a écrit : On Fri, Sep 25, 2015 at 11:52 AM, Erwann Abalea wrote:

Re: Prevent "proxyfying" PKCS#11

2015-09-29 Thread Julien Pierre
On 9/28/2015 01:50, helpcrypto helpcrypto wrote: On Sat, Sep 26, 2015 at 1:17 AM, Julien Pierre <julien.pie...@oracle.com> wrote: Erwann, What are the replacement plug-in API mechanisms following the deprecation of NPAPI ? Oracle porting to PPAPI? (Perhaps you could give u

Re: Prevent "proxyfying" PKCS#11

2015-09-29 Thread Julien Pierre
Personally, I don't think authenticating the scanner is an issue. I can see the document physically being scanned in the scanner. And I can see the resulting image in the java applet on my screen. If the document that appears is not what I scanned, I would simply not submit it. I'm not worried

Re: Prevent "proxyfying" PKCS#11

2015-09-25 Thread Julien Pierre
Erwann, What are the replacement plug-in API mechanisms following the deprecation of NPAPI ? Can't they be used to write another Java plug-in ? I certainly need Java in the browser, for other reasons (running a scanner applet to use with my bank). Julien On 9/25/2015 09:13, Erwann Abalea

Re: Adding a test only option to the NSS server to disable sending the renego extension

2015-09-22 Thread Julien Pierre
to test that Firefox prints out an appropriate web console message when connecting to a non-RFC5746 compliant server. Currently, the NSS server seems to always send the extension. Cykesiopka On Mon 2015-09-21 05:43 PM, Julien Pierre wrote: |You can read about the following environment variable

Re: Adding a test only option to the NSS server to disable sending the renego extension

2015-09-21 Thread Julien Pierre
You can read about the following environment variable NSS_SSL_ENABLE_RENEGOTIATION at https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Reference/NSS_environment_variables This may be all you need to set

Re: Build error for NSS 3.17.4 (Windows 7)--needs to be addressed in NSPR

2015-02-02 Thread Julien Pierre
Kai, On 2/2/2015 04:17, Kai Engert wrote: Please use OS_TARGET=WIN95 That's the newer and supported configuration. If you found any place that suggests to use WINNT, we should update that location. Kai Please note that Oracle still uses WINNT for the Windows build, and needs this build to

Re: Accessing Firefox keystore

2014-12-08 Thread Julien Pierre
Jean, On 12/8/2014 02:38, Jean Bave wrote: Thank you for your answer. We tried the SunPKCS11 class but the thing is we are trying to access Firefox's keystore to reach the certificates of a physical token stored in it. Apparently the Sun provider cannot deal with physical tokens through

Re: Reducing NSS's allocation rate

2014-11-10 Thread Julien Pierre
Personally, I would like to encourage your efforts. If you are able to move many of these allocations from heap-based with locks, to something stack-based instead, this will improve NSS server performance tremendously. I would be surprised if it was a significant boost to client apps like

Re: Proposal: Disable SSLv3 in Firefox ESR 31

2014-10-23 Thread Julien Pierre
Hubert, On 10/23/2014 07:53, Hubert Kario wrote: Are there phone/tablets which can't install any 3rd party browsers at all ? AFAIK, iOS devices require you to use the system TLS stack. I see, I didn't know. But it still would seem that any second connection (fallback) would be dictated by

Re: Updates to the Server Side TLS guide

2014-10-22 Thread Julien Pierre
Julien, On 10/21/2014 18:02, Julien Vehent wrote: NSS is very rarely used in servers. Perhaps so statistically, but the products are still around. I notice that Oracle/iPlanet/RedHat products are absent from the document. Oracle still ships at the very least iPlanet Web Server, iPlanet Proxy

Re: Proposal: Disable SSLv3 in Firefox ESR 31

2014-10-22 Thread Julien Pierre
Hubert, On 10/22/2014 05:27, Hubert Kario wrote: Problem is that if something doesn't work in one browser and does in another users blame the browser. Even if the browser that doesn't work does the right thing. What if all browsers started doing the right thing ? Recommending the use of

Re: Proposal: Disable SSLv3 in Firefox ESR 31

2014-10-21 Thread Julien Pierre
Hubert, On 10/21/2014 05:06, Hubert Kario wrote: Yes, it's external to the TLS, and yes, it's bad that browsers do use the manual fallback. Yes, the servers should be regularly updated and as such bugs that cause it fixed. Yes, the configurations should be updated to align them with current

Re: Proposal: Disable SSLv3 in Firefox ESR 31

2014-10-21 Thread Julien Pierre
Florian, On 10/21/2014 06:38, Florian Weimer wrote: I still think the fallback behavior you have shown is a browser bug, and should be fixed there, but its removal. There seems to be rather vehement disagreement, but I don't get way. +1 , any fallback is a bug. SSL has built-in protocol

Re: Updates to the Server Side TLS guide

2014-10-21 Thread Julien Pierre
Chris, On 10/21/2014 11:43, Chris Newman wrote: At this point, the OpenSSL-style cipher suite adjustment string has become a de-facto standard. So I believe NSS should be modified to follow that de-facto standard rather than expecting those writing security advice to do extra work:

Re: Proposal: Disable SSLv3 in Firefox ESR 31

2014-10-21 Thread Julien Pierre
Kai, On 10/21/2014 05:31, Kai Engert wrote: So, let's get this clarified with test results. I've tested Firefox 34 beta 1. Because bug 1076983 hasn't landed on the beta branch yet, the current Firefox 34 beta 1 still has SSL3 enabled. With this current default configuration (SSL3 enabled),

Re: Proposal: Disable SSLv3 in Firefox ESR 31

2014-10-21 Thread Julien Pierre
Florian, On 10/21/2014 05:24, Florian Weimer wrote: * Julien Pierre: The whole TLS_FALLBACK_SCSV would be unnecessary if not for this browser misbehavior - and I hope the IETF will reject it. Technically, we still need the codepoint assignments from the IETF draft because of their widespread

Re: Updates to the Server Side TLS guide

2014-10-20 Thread Julien Pierre
Hubert, On 10/20/2014 05:10, Hubert Kario wrote: So I went over the https://wiki.mozilla.org/Security/Server_Side_TLS article with a bit more attention to detail and I think we should extend it in few places. Especially if it is supposed to be also the general recommendation for servers, not

Re: Proposal: Disable SSLv3 in Firefox ESR 31

2014-10-20 Thread Julien Pierre
Kai, What is the purpose of Firefox continuing to do any fallback at all ? IMO, making a second connection with any lower version of SSL/TLS defeats the intent of the SSL/TLS protocol, which have built-in defenses against protocol version downgrade. Isn't it time this fallback gets eliminated

Re: Proposal: Disable SSLv3 in Firefox ESR 31

2014-10-16 Thread Julien Pierre
Florian, On 10/16/2014 12:50, Florian Weimer wrote: Neither. I'm talking about the out-of-protocol insecure version negotiation for TLS implemented in Firefox. That's a broader scope than bug 689814, which is strictly about fallback to SSL 3.0. +1 This fallback needs to get removed,

Re: Announcing Mozilla::PKIX, a New Certificate Verification Library

2014-08-15 Thread Julien Pierre
Brian, I just ran into the Netscape Cert Type critical extension issue with an internal cert. Is there an override setting to allow this cert to work in Firefox still ? IMO, the Firefox behavior is particularly bad, because Firefox won't even let you look at the cert details to see what the

Re: Regain trust into SSL/TLS

2014-03-11 Thread Julien Pierre
On 3/11/2014 03:10, Alan Braggins wrote: On 09/03/14 22:59, Raphael Wegmann wrote: What about creating a distributed hash-table, where we could count collectively, which public-key has been used by a particular server how often? When I visit amazon.com and my browser tells me, that I am the

NSS algorithm performance

2014-03-04 Thread Julien Pierre
Did anyone ever write a script that measures the performance of all the low-level algorithms in freebl, and collects the data in a way that's easy to compare ? This would probably be using bltest. This is for the purpose of evaluating different compilers/optimization options. If so, sharing

Re: Chrome: From NSS to OpenSSL

2014-01-31 Thread Julien Pierre
On 1/27/2014 10:28, Kathleen Wilson wrote: Draft Design Doc posted by Ryan Sleevi regarding Chrome migrating from NSS to OpenSSL: https://docs.google.com/document/d/1ML11ZyyMpnAr6clIAwWrXD53pQgNR-DppMYwt9XvE6s/edit?pli=1 Switching to OpenSSL, however, has the opportunity to bring

Re: Chrome: From NSS to OpenSSL

2014-01-31 Thread Julien Pierre
Ryan, On 1/31/2014 10:28, Ryan Sleevi wrote: I tried not to write too much on the negatives of NSS or OpenSSL, because both are worthy of long rants, but I'm surprised to hear anyone who has worked at length with PKCS#11 - like Oracle has (and Sun before) - would be particularly praising it.

Re: Some TLS servers are intolerant to SSL/TLS session caching

2014-01-13 Thread Julien Pierre
Kai, On 1/12/2014 03:26, Kai Engert wrote: Have you ever seen a TLS server that was incompatible with TLS session IDs? No. Do you agree this is bug on the server side? Yes. RFC 5246 section 7.3 says this : The client sends a ClientHello using the Session ID of the session to be

Re: NSS OCSP stapling tests

2014-01-08 Thread Julien Pierre
Kai, On 1/3/2014 02:40, Kai Engert wrote: On Do, 2014-01-02 at 19:34 -0800, Julien Pierre wrote: The new OCSP stapling tests in NSS 3.15.3 are all failing on our Solaris machines. See error log below. We have a slightly smaller number of failures on Linux. Are these tests going out

Re: How to create a temporay NSS database in RAM

2014-01-07 Thread Julien Pierre
You can use NSS_NoDB_Init . On 1/6/2014 19:19, chingp...@gmail.com wrote: I am working on a program that verifies the PKCS7 signature attached in a file with the cert provided by the user. Since the purpose of the program is to test whether the cert can verify the signature or not, I only

Re: NSS OCSP stapling tests

2014-01-03 Thread Julien Pierre
Kai, On 1/3/2014 02:40, Kai Engert wrote: On Do, 2014-01-02 at 19:34 -0800, Julien Pierre wrote: The new OCSP stapling tests in NSS 3.15.3 are all failing on our Solaris machines. See error log below. We have a slightly smaller number of failures on Linux. Are these tests going out

NSS OCSP stapling tests

2014-01-02 Thread Julien Pierre
The new OCSP stapling tests in NSS 3.15.3 are all failing on our Solaris machines. See error log below. We have a slightly smaller number of failures on Linux. Are these tests going out to a public OCSP responder on the Internet ? Or are they trying to go to a locally built one ? (sorry, I am

Re: cert validation failure when root cert is in chain

2013-12-31 Thread Julien Pierre
John, On 12/21/2013 12:16, John Dennis wrote: I'm trying to debug a validation failure when using CERT_VerifyCertificate(). The cert being validated is a SSL Server Cert, it is signed by a root cert. I have confirmed the server cert validates using CERT_VerifyCertificate() in a stand alone

Re: SHA-256 support

2013-11-18 Thread Julien Pierre
SHA-256 was added in NSS 3.8 , according to : http://www-archive.mozilla.org/projects/security/pki/nss/ On 11/18/2013 07:00, Gervase Markham wrote: Hi everyone, Following Microsoft's announcement re: SHA-1, some CAs are asking browser and OS vendors about the ubiquity of SHA-256 support. It

Re: Proposal to Change the Default TLS Ciphersuites Offered by Browsers

2013-09-12 Thread Julien Pierre
Julien, On 9/12/2013 07:06, Julien Vehent wrote: If performance was the only reason to prefer AES-128, I would disagree with the proposal. But your other arguments regarding AES-256 not provided additional security, are convincing. The performance is still an issue for servers. More servers

Re: Proposal to Change the Default TLS Ciphersuites Offered by Browsers

2013-09-12 Thread Julien Pierre
Julien, On 9/12/2013 19:35, Julien Vehent wrote: aes-256-cbc with AES-NI does 543763.11kB/s. That's 4.35Gbps of AES bandwidth on a single core. On a decent 8 core load balancer, dedicate 4 to TLS, and you get 17.40Gbps of AES bandwidth. I don't this AES is close to being the limiting factor

Re: Introductions - want to contribute to NSS developer friendliness

2013-06-17 Thread Julien Pierre
Chris, On 6/17/2013 10:58, Chris Newman wrote: I'll mention one other usability issue. I am getting pressure from my employer to stop using NSS due to the MPL 2 license. I got less pressure when I could use NSS under the LGPL 2.1 branch of the tri-license. Switching to OpenSSL has been

Re: Removal of Revocation Lists feature (Options - Advanced - Revocation Lists)

2013-05-08 Thread Julien Pierre
Brian, If this is just about changing the UI in Firefox, I have no objection. If this is about removing the feature from NSS altogether on the other hand, I would like to state that we have several products at Oracle that use NSS and rely on the ability to have CRLs stored in the

Re: Proposing: Interactive Domain Verification Approval

2012-12-31 Thread Julien Pierre
Ryan, On 12/31/2012 11:43, Ryan Sleevi wrote: So far, the two proposals are: 1) Nag the user whenever they want to make a new secure connection. This nag screen is not shown over HTTP, so clearly, HTTP is preferable here. 2) Respect national borders on the Internet. If anything, the more user

Re: PSM module ownership, switching my focus to NSS

2012-12-13 Thread Julien Pierre
Hi Kai, Good to see you stick around in the Mozilla crypto world . Are there big projects coming up in NSS land ? Or did somebody leave the project ? Thanks, Julien On 12/13/2012 08:10, Kai Engert wrote: Brendan Eich suggested posting to this list, too (already posted yesterday to Mozilla's

Re: NSS 3.14 release

2012-10-25 Thread Julien Pierre
Wan-Teh, Thanks for your response, comments inline. On 10/25/2012 11:17, Wan-Teh Chang wrote: Any client apps that care about the exact cipher suites enabled need to enable and disable each cipher suite explicitly. This Chromium code in this file can be used as code example:

Re: NSS 3.14 release

2012-10-24 Thread Julien Pierre
Oracle still ships NSS with many products even though we are no longer actively involved with its development. We do pick up new releases from time to time. We picked up 3.13.x last year and I'm looking into picking up 3.14 . The following changes may be problematic : 1) * New default cipher

Re: Update on Intel's Identity Protection Technology

2012-08-21 Thread Julien Pierre
Anders, On 8/21/2012 00:45, Anders Rundgren wrote: On 2012-08-21 05:42, Julien Pierre wrote: Anders, On 8/14/2012 20:40, Anders Rundgren wrote: http://communities.intel.com/community/vproexpert/blog/2012/05/18/intel-ipt-with-embedded-pki-and-protected-transaction-display Apparently your

Re: Update on Intel's Identity Protection Technology

2012-08-20 Thread Julien Pierre
Anders, On 8/14/2012 20:40, Anders Rundgren wrote: http://communities.intel.com/community/vproexpert/blog/2012/05/18/intel-ipt-with-embedded-pki-and-protected-transaction-display Apparently your next PC already has it. Some PCs based on Intel chips may have it. A few of us out there do not

Re: For discussion: MECAI: Mutually Endorsing CA Infrastructure

2012-02-17 Thread Julien Pierre
Kai, On 2/7/2012 12:58, Kai Engert wrote: That's a reason why I propose vouchers to be IP specific. In my understanding, each IP will have only a single certificate, regardless from where in the world you connect to it. That's definitely an incorrect assumption to make. There can be a

Re: NSS 3.12.* maintanence after the NSS 3.13 release?

2011-10-18 Thread Julien Pierre
Brian, On 10/18/2011 14:42, Brian Smith wrote: There is one known regression. Do you mean one separate from the SSL 2.0 change, and BEAST ? If so, which one ? Also, the BEAST workaround is an incompatible change for some applications. From what I have read of the BEAST workaround discussion,

Re: NSS 3.12.* maintanence after the NSS 3.13 release?

2011-10-18 Thread Julien Pierre
Brian, On 10/17/2011 15:55, Brian Smith wrote: NSS release announcements are made on the Mozilla dev-tech-crypto mailing list: http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/28c9fd2d65f7bd55# Thanks, I wasn't on the list then. It looks like there is one binary

Re: NSS 3.12.* maintanence after the NSS 3.13 release?

2011-10-18 Thread Julien Pierre
Brian, Thanks for adding me to this list. I had not heard that NSS 3.13 had shipped. What does this release include ? I don't see any release notes beyond 3.12.6 at http://www.mozilla.org/projects/security/pki/nss/release_notes.html . Julien On 10/17/2011 14:28, Brian Smith wrote: Are we

Re: failed to add a new API in cryptohi (in my local client)

2006-10-27 Thread Julien Pierre
Wei Shao wrote: In my local set up, I have added a new method in cryptohi.h and implement it in secsign.c. The compilation is okay. But I try to use it in certutil/certutil.c and got an undefined symbol linking error for my added API. Same error if after I make clean first. I noticed the

Re: Help on building NSPR, NSS on Windows

2006-10-25 Thread Julien Pierre
Frank, Frank Lee wrote: sh ../../build/cygwin-wrapper cl -Fonow.obj -c -W3 -nologo -GF -Gy -MD -O2 -UDEBUG -U_DEBUG -UWINNT -DNDEBUG=1 -DXP_PC=1 -DWIN32=1 -DWIN95=1 -D_PR_GLOBAL_THREADS_ONLY=1 -D_X86_=1 -DFORCE_PR_LOG

Re: Help on building NSPR, NSS on Windows

2006-10-25 Thread Julien Pierre
Wei, [EMAIL PROTECTED] wrote: Are you using cygwin's make program ? Please do a which make to verify. If not, you need to do so. I have the same issue. make does not exist under cygwin. I used gmake from moztools. Yes, cygwin has its own version of make. Just not in your own cygwin

Re: SSL connection fails on the server with SSL_ERROR_HANDSHAKE_FAILURE_ALERT

2006-10-23 Thread Julien Pierre
Honzab, Honzab wrote: Julien Pierre napsal: NSS only supports RSA ECDHE cipher suites on the client side at this time, so this is expected. If you are using NSS on the server side, you need to enable alternate cipher suites - and of course you need to enable them on the client side as well

Re: NSS_SetDomesticPolicy() return 12266

2006-09-29 Thread Julien Pierre
Alex, Alex wrote: Hello, I wrote a program like this: PRInt32 mod_ssl_startup(char *dbdir, PRInt32 clearCert) { char *dbpath=NULL; char *certfile=NULL; PRErrorCode ercode; SECStatus rv; PK11SlotInfo *slot=NULL; .. rv = NSS_InitReadWrite(dbpath); rv = NSS_SetDomesticPolicy();

Re: How to disable the SSL cache?

2006-09-25 Thread Julien Pierre
ben wrote: Hi there, I am running a Client-side SSL connection using Firefox browser 1.5. I found a problem with it is the SSL caching. Open an FF browser and started a Client-side SSL connection to a web server. It's fine. Now I want to open a different SSL connection with a different user

Re: Building (running) NSS cmd tools?

2006-09-19 Thread Julien Pierre
Hi, Nothing obvious comes to mind about this crash. Run rsaperf.exe within a debugger and see where it crashes . [EMAIL PROTECTED] wrote: I've followed the build instructions on checkout and building NSS (after giving up on getting it to build the cmd utils inside my main mozilla tree). It

Re: CERT_VerifyCertificate question

2006-07-28 Thread Julien Pierre
David, David Stutzman wrote: I'm looking at the functions CERT_VerifyCertificate and CERT_VerifyCertificateNow and see it has 2 parameters of type SECCertificateUsage, one required and one returned. What is the purpose of the returned one? SECCertificateUsage is a bit-field. If you

Re: A couple of CRL import questions

2006-06-06 Thread Julien Pierre
Paul, Paul Neyman wrote: Hi! You guys have been very helpful with my NSS questions :) Mind if I ask a couple more? 1. Is it possible to import a CRL during runtime? I.e: - a process has NSS initialized and is using NSS db. - a user then runs crlutil and imports a CRL (this has worked for

Re: Importing CRL using NSS API

2006-05-30 Thread Julien Pierre
[EMAIL PROTECTED] wrote: Hi! I'm trying to import a CRL (in DER format) using NSS API. Since 3.4 API does not have an import function available, I took the source code from the crlutil and massaged it to fit into our application. NSS 3.4 did have import functions available for CRLs :

Re: NSS Apache module - mod_nss

2006-05-18 Thread Julien Pierre
Wan-Teh Chang wrote: Rob Crittenden wrote: A fair bit of work has been done to mod_nss, an SSL module for Apache that uses NSS instead of OpenSSL, since it was released last September. Changes since then include use the NSS OCSP client, addition of a FIPS mode (similar to modutil -fips true

Re: Client Authentication Problem (and solution!)

2006-05-04 Thread Julien Pierre
Michael, Michael Pratt wrote: So yeah, it was definitely an oversight on our part, but it would still be nice if this was documented. I couldn't find in any of the docs ( http://docs.sun.com/app/docs/coll/S1_DirectoryServer_52) where it stated DS would behave that way if the serial number

Re: Adding Ciphers

2006-04-04 Thread Julien Pierre
Jay Potter wrote: Any suggestions on what I would need to do to get this implemented? A lot of convincing that it is worth doing, to begin with. IMO, pre-shared keys have no place in a general-purpose Internet browser such as Mozilla. The authors of RFC4279 agree - see section 1.1 .