> I believe the NSS 3.11.4/NSPR 4.6.4 tags were chosen specifically
> for their FIPS validation status.
>
> Since you need the bug fix in the upcoming NSS 3.11.10, you should
> update the Dogtag wiki page to use NSS_3_11_BRANCH (until
> NSS_3_11_10_RTM is created) and NSPR_4_7_1_RTM. You can
> restore FIPS compliance by dropping in the libsoftokn3.{so,chk}
> and libfreebl3.{so,chk} files from NSS 3.11.4.

Nelson and Wan-Teh,

OK... Good info from both of you. The ECC PKCS11 module that I added is
actually FIPS-approved. So, in my case at least, I should be OK regardless
of the version of NSS I use, or do I *still* need a FIPS-approved and
enabled softtoken in addition to my FIPS 3rd party PKCS11 module?

I actually toasted my test CA box this morning and just reinstalled it.
Since I need to pull NSS and recompile it following those instructions
again, I'll test using NSS_3_11_BRANCH and NSPR_4_7_1_RTM, and if it
works, will edit the wiki again. If that doesn't work, I will try
NSS_3_12_RTM and NSPR_4_7_1_RTM, and if those work, will edit the wiki and
also add a note about the FIPS compliance.

As always, thanks!

Dave
_______________________________________________
dev-tech-crypto mailing list
https://lists.mozilla.org/listinfo/dev-tech-crypto