I am not concerned about FIPs for now.
For Windows, The only version of softokn and freebl were in the Firefox
program files. FF3 seems to work ok now on Windows. I don't recall doing
anything other than rebooting Windows and restarting FF3.
Still not working in Fedora 8. Except for copies in the area in my home
directory where I built NSS, the only copies of the NSS libraries are in:
/usr/lib/xulrunner/usr/lib/xulrunner-sdk-1.9.0.1/sdk/lib/
/usr/lib/xulrunner-1.9.0.1/
/usr/lib/
The .chk files are only in /usr/lib.
The install of FF3 created the xulrunner directories. I had deployed all of
the libraries from the dist directory of the NSS/NSPR build to /usr/lib.
Prior to FF3 install, they were the only NSS/NSPR files on the system.
Thanks,
Bill Price
[
"Nelson B Bolyard" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Wan-Teh Chang wrote, On 2008-07-25 12:03:
>> On Fri, Jul 25, 2008 at 6:59 AM, mozilla <[EMAIL PROTECTED]> wrote:
>>> I expected FF3.0.1 to do TLS with the specific ECC ciphersuite that you
>>> identify. However, my FF3 is not offering the ECC suites in its client
>>> hello. I downloaded FF3.0.1 from the mozilla.com site yesterday
>>> (7/24/08). I
>>> just did the quick download without any custom configuration. (There
>>> should
>>> not have been any previous versions of NSS on the system.)
>
> William,
> Please search your system(s) for all files whose names include the string
> softokn and for all files whose names include the string freebl.
>
> I suspect that it MAY be the case that there are other copies of NSS on
> your system(s), and that those other copies are being used instead of
> the copies that were downloaded with FF3.x. Perhaps a change is needed
> to your LD_LIBRARY_PATH on Linux. Perhaps there is a copy of NSS
> installed
> in some system directory (e.g. \Windows\System32) on Windows.
>
>> Did you disable TLS 1.0? Please check
>> Tools > Options > Encryption > Protocols. Is the "Use TLS 1.0"
>> checkbox checked?
>>
>> You also seem to have disabled the AES and Camellia cipher suites,
>> which Firefox 3.0.1 supports.
>
> Wan-Teh,
> Considering that William is interested in FIPS 140 compliance, it's not
> surprising that he would disable non-FIPS ciphers such as Camellia.
>
> /Nelson
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
