"Edward A. Feustel" wrote: > > Since 4.79 Netscape with PSM I have had FIPS encryption enabled. After > 6.0 and Mozilla came out, I continued trying to use it. I found that I was > continually getting -12xxx errors.
Knowing exactly which errors you were getting might be helpful. Knowing the URLs of some web sites with which you have troubles would help. Also knowing what exact version you're useing might be helpful. I'd suggest that you try the latest Netscape 7.x or mozilla (e.g. 1.3Beta). > Further, often I could not redirect to https sites at all (no error > messages were produced). Error messages are something of a weakness in mozilla, in my opinion. > The other day, I chanced to turn off FIPS and "what do you know", the errors > went away! That description doesn't surprise me. FIPS mode uses only a limited subset of the ciphers that are implemented in common web browsers and servers. FIPS mode takes away from the browser capabilities. It doesn't add to them. When you turn on FIPS mode, you can only communicate with servers that implement FIPS ciphersuites. Attempts to communicate with servers that do not offer FIPS ciphersuites should fail, producing errors. So, I'd expect you to experience more failures with FIPS than without. I'm wondering why you didn't experience any failures before with C 4.79. > Were my expectations that; > 1. the FIPS modules were included in the Talkback distribution incorrect? I don't know what that distribution is. > 2. the FIPS modules work? Yes. They recently been revalidated by NIST, in fact. > Perhaps I misunderstand what turning on FIPS cryptography means. > > Thanks. > Ed Feustel -- Nelson Bolyard Disclaimer: I speak for myself, not for Netscape
