> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Dean
> Sent: Wednesday, July 23, 2008 12:09 PM
> To: dev-tech-crypto@lists.mozilla.org
> Subject: Re: Failed to toggle FIPS mode with JSS

> Essentially I have an SSL implementation that I want to change to use
> only FIPS certified crypto .... effectively (hopefully) resulting in a
> FIPS compliant JSSE implementation.  I suspect I should be trying to
> write JNI to wrap the NSS SSL libraries themselves and write a JSSE
> implementation to that API ... but there are time/resource
> constraints ... and I'm not even sure the NSS SSL APIs surface enough
> detail to map to JSSE completely.

A couple alternatives to what you are currently trying:

http://java.sun.com/javase/6/docs/technotes/guides/security/enhancements.html says:
# Access Network Security Services (NSS) using SunPKCS11

The SunPKCS11 provider supports new configuration directives which allow
it to access the NSS security library. This enables Java applications to
read keys stored in the NSS database files, use ECC algorithms, and to
use the NSS Softtoken as a FIPS 140 compliant cryptography provider. For
more information see the NSS section in the PKCS#11 guide.

# FIPS 140 compliance for SunJSSE

The SunJSSE provider now supports an experimental FIPS 140 compliant
mode. When enabled and used in combination with the SunPKCS11 provider
and an appropriate FIPS 140 certified PKCS#11 token, SunJSSE is FIPS 140
compliant. For details, see the JSSE Reference Guide.

The "NSS section in the PKCS#11 guide":
http://java.sun.com/javase/6/docs/technotes/guides/security/p11guide.html#NSS

So use NSS 3.11.4, which is FIPS certified, directly via SunPKCS11 rather
than JSS.

Or, if you can use Java 1.4.2, you can use IBM's FIPS certified JSSE/JCE
provider:
http://www.ibm.com/developerworks/java/jdk/security/142/FIPShowto.html
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
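
Added example, not part of the original message or of the Sun guides: how the two Java SE 6 pieces described above (SunPKCS11 pointed at the NSS FIPS token, and SunJSSE bound to that provider) fit together as configuration. The file name, directory paths, provider name suffix and provider positions are assumptions to adapt to the local installation.

```properties
# --- File 1: nss-fips.cfg (SunPKCS11 configuration; file name is an assumption) ---

# "name" becomes the suffix of the provider name: SunPKCS11-NSSfips
name = NSSfips

# Directory holding the NSS shared libraries (assumed path)
nssLibraryDirectory = /opt/nss/lib

# Directory holding the NSS database files (assumed path).
# The database is assumed to have been switched to FIPS mode beforehand
# with NSS's own tooling (for example modutil -fips true).
nssSecmodDirectory = /opt/nss/fipsdb

# Use the NSS FIPS token rather than the default crypto or keystore module
nssModule = fips


# --- File 2: excerpt from ${java.home}/lib/security/java.security ---

# Register SunPKCS11 with the configuration file above.
# The positions (1 and 4) are assumptions; keep the other entries of the
# local provider list and renumber them so the sequence stays contiguous.
security.provider.1=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss-fips.cfg

# Replace the existing SunJSSE entry with one that names the PKCS#11 provider.
# Passing the provider name as the argument is what puts SunJSSE in FIPS mode,
# so that it takes its cryptography from the NSS FIPS token.
security.provider.4=com.sun.net.ssl.internal.ssl.Provider SunPKCS11-NSSfips
```

With this in place, a quick check is to print SSLContext.getInstance("TLS").getProvider() together with the cipher suites of a new SSLSocket and confirm that both match what the JSSE Reference Guide lists for FIPS mode.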