info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
NSS 4.0 FIPS enabled for Windows
85 views
Skip to first unread message
tan...@gmail.com
Jan 9, 2017, 1:05:50 PM1/9/17
to mozilla-de...@lists.mozilla.org
Hi All,
We are consuming NSS crpto libraries for our project. I had some queries regarding the FIPS compliance for NSS for Windows environment.
NSS cryptographic libraries ver 4.0 currently is certified for Red Hat Linux based environments as per https://www.cryptsoft.com/fips140/out/cert/2711.html
&& https://www.cryptsoft.com/fips140/out/cert/2721.html
Is there any plan to support the FIPS compliance for Windows OS based environments for the current version? Will the current version be supported for Win platforms in the near future?
If so please share the details.
Thanks,
Tanay
We are consuming NSS crpto libraries for our project. I had some queries regarding the FIPS compliance for NSS for Windows environment.
NSS cryptographic libraries ver 4.0 currently is certified for Red Hat Linux based environments as per https://www.cryptsoft.com/fips140/out/cert/2711.html
&& https://www.cryptsoft.com/fips140/out/cert/2721.html
Is there any plan to support the FIPS compliance for Windows OS based environments for the current version? Will the current version be supported for Win platforms in the near future?
If so please share the details.
Thanks,
Tanay
tapas.a...@gmail.com
Mar 1, 2017, 8:16:22 PM3/1/17
to mozilla-de...@lists.mozilla.org
J.C. Jones
Mar 1, 2017, 8:36:56 PM3/1/17
to tapas.a...@gmail.com, mozilla-de...@lists.mozilla.org
Tapas, Tanay:
I'm not aware of any activity to re-valdiate FIPS for Windows targets at
this time. The last validation on Windows that I'm aware of was in 2009
[1], covering 32-bit Windows XP SP3, according to some of the certificates
at NIST CSRC [2].
It's possible that the previous validation will be sufficient for newer
versions of Windows, depending on the context in which you need to use a
validated module. CMVP would be the best source of guidance on that.
[1] https://wiki.mozilla.org/FIPS2009
[2] http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html#1128
Cheers,
J.C.
On Tue, Feb 28, 2017 at 9:22 PM, <tapas.a...@gmail.com> wrote:
> On Monday, January 9, 2017 at 11:35:50 PM UTC+5:30, tanaysees wrote:
> dev-security mailing list
> dev-se...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security
>
I'm not aware of any activity to re-valdiate FIPS for Windows targets at
this time. The last validation on Windows that I'm aware of was in 2009
[1], covering 32-bit Windows XP SP3, according to some of the certificates
at NIST CSRC [2].
It's possible that the previous validation will be sufficient for newer
versions of Windows, depending on the context in which you need to use a
validated module. CMVP would be the best source of guidance on that.
[1] https://wiki.mozilla.org/FIPS2009
[2] http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html#1128
Cheers,
J.C.
On Tue, Feb 28, 2017 at 9:22 PM, <tapas.a...@gmail.com> wrote:
> On Monday, January 9, 2017 at 11:35:50 PM UTC+5:30, tanaysees wrote:
> + 1 for this. Anyone have any information on this one?
> _______________________________________________
> dev-security mailing list
> dev-se...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security
>
0 new messages