David Sadler wrote, On 2008-07-15 12:49: > > I have installed > mozilla-nss-3.11-21.9.s390x.rpm > mozilla-nss-debuginfo-3.11-21.9.s390x.rpm > mozilla-nss-devel-3.11-21.9.s390x.rpm > mozilla-nss-tools-3.11-21.9.s390x.rpm > apache2-prefork-2.2.3-16.9 > and a "mod_nss-1.0.7" from cvs.fedora.redhat.com this is loaded in > apache via a > "LoadModule nss_module /usr/lib64/apache2-prefork/mod_nss.so" in the > httpd.conf file. > > Based on your comment I should upgrade mozzilla-nss to 3.12, I do not > think that there is a more currect version of mod_nss available.
Um, you replied to my comment to David Stutzman. I think David ran into a known problem with NSS 3.11.x generating ECC key pairs in third party crypto modules. There's a fix for that now, that is available in source form, but it not yet officially released. I'm not suggesting that anyone upgrade to 3.12 to solve the ECC problem, (although I do believe it is fixed in 3.12). Rather I suggest they try the 3.11.10 source code. The problem you had, in another thread, is (reportedly) not with using generated ECC key pairs, but rather is with loading a particular third party crypto module. I'll reply to your message in that thread, to try to keep the threads separate. > Give that I upgrade, am I doing the correct process to enable nss to > access our crypto hardware? > > I have an openCryptoki modules that calls the IBM hardware module > libICA. That has the function calls that modutil is looking for. > > However, for openSSL in apache we installed an IBMca engine that called > the libICA module. > > Has anyone enabled apache2 configured with nss to work with crypto > hardware? Sure, lots of people have. _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
