Swaminathan Seetharaman wrote:
> Is JSS3.1 FIPS-140-1 level 2 compliant?

I don't know the answer to this; you should ask in the n.p.m.crypto newsgroup (to which I'm setting followups). Certainly NSS was validated in the past as FIPS 140-1 compliant, but I haven't kept up with this area since I left Netscape.

> I saw a couple of FIPS ciphers supported (3DES, DES) in the SSLSocket
> APIs.
> Are there any pointers for this?

What kind of pointers are you looking for? The FIPS documents that NIST issued for DES or 3DES? Or something else?

If you're asking specifically about the "FIPS ciphersuites" (i.e., SSL ciphersuites with "FIPS" in their names), note that you should _not_, repeat _not_, be using the FIPS ciphersuites. It's a long story, but suffice it to say that the FIPS ciphersuites were an ugly hack put into the NSS implementation of SSL 3.0 at the request of NIST during the original NSS FIPS 140-1 validation effort way back when.

Now that TLS 1.0 has been standardized and implemented in NSS, there is no need whatsoever to use the FIPS ciphersuites. Using TLS 1.0 with the standard DES or 3DES ciphersuites fully addresses the concerns that occasioned the creation of the FIPS ciphersuite hack.

To sum up: Just say "no" to FIPS ciphersuites :-)

> Also I'm wondering if there is any workaround or patch for the problem of
> importing a private key from .p12
> files in the JSS 3.1 version.

I don't know the answer to this.

Frank
--
Frank Hecker
[EMAIL PROTECTED]
