Re: Using NSS in FIPS mode

2016-01-25 Thread jonetsu
ll be followed. >> It is still a Wish that OpenSource applications and libraries >> in general should log errors in a standardized way, > The audit kernel subsystem (that libreswan also supports) is such an > attempt. Interesting.

Re: Using NSS in FIPS mode

2016-01-23 Thread Paul Wouters
On Fri, 22 Jan 2016, jonetsu wrote: For instance if the system at boot finds a FIPS-related error then it should stop everything. For instance binary integrity failure. Report using one of the FIPS logical interfaces and reboot. No library or application will do that. Why would that be the

Re: Using NSS in FIPS mode

2016-01-22 Thread Robert Relyea
this message in context: http://mozilla.6506.n7.nabble.com/Using-NSS-in-FIPS-mode-tp350446p350498.html Sent from the Mozilla - Cryptography mailing list archive at Nabble.com. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https

Re: Using NSS in FIPS mode

2016-01-22 Thread Paul Wouters
On Fri, 22 Jan 2016, jonetsu wrote: Paul Wouters wrote: How is a library in FIPS mode when it hasn't yet initialised because the application has not kicked off yet? Do you actually initialise them using a test program? Yes. This is the case for OpenSSL and GnuTLS. For NSS, as we have seen,

Re: Using NSS in FIPS mode

2016-01-22 Thread Paul Wouters
On Fri, 22 Jan 2016, jonetsu wrote: libreswan uses NSS and supports a FIPS mode. I know. I wouldn't call libreswan 'example code', though :) I have browsed the code although did not find what I was looking for, which is exactly what you mentioned above. In our systems we have to verify

Re: Using NSS in FIPS mode

2016-01-22 Thread jonetsu
of enabling the self-tests. No restrictions on algorithms, etc, are applied. Hmmm... Do you mean that the current libreswan does not fully support FIPS ? :)

Re: Using NSS in FIPS mode

2016-01-22 Thread jonetsu
tton to flip to FIPS mode. I should have mentioned that the application is in C and is in no way related to Firefox. Comments much appreciated, cheers.

Re: Using NSS in FIPS mode

2016-01-22 Thread jonetsu
are kicking off. Cheers.

Re: Using NSS in FIPS mode

2016-01-22 Thread jonetsu

Using NSS in FIPS mode

2016-01-21 Thread jonetsu
of NSS if an application tries to use a non-approved algorithm ? Finally, is there any example code out there that uses NSS in FIPS mode ? Any comments, suggestions appreciated, thanks.

Re: Using NSS in FIPS mode

2016-01-21 Thread Robert Relyea
, suggestions appreciated, thanks.

Re: Using NSS in FIPS mode

2016-01-21 Thread Paul Wouters
On Thu, 21 Jan 2016, Robert Relyea wrote: The call PK11_IsFIPS() returns true if softoken is in FIPS mode. Oh, I did not know about this one. I guess once we (the application) detect the system is in FIPS mode, we could verify that NSS is as well. Finally, is there any example code out