As Nelson mentioned, just using FIPS-approved NSS isn't enough. Go to the NIST website and download the Security Policy document. That tells you how you must configure/run the system to be truly FIPS compliant. http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2007.htm#815
Straight to the policy: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp815.pdf Dave _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
