198
edits
FIPS Design Assurance: Difference between revisions
→Installation
| Line 16: | Line 16: | ||
===Installation=== | ===Installation=== | ||
NSS cryptographic module releases are available from mozilla.org's | NSS cryptographic module releases are available from mozilla.org's [https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/ secure site ] as compressed (gzipped) tar files or zip files. The site uses secure HTTP protocol for delivering authenticated versions of NSS. | ||
To install NSS in the approved manner perform the following steps. Refer to [http://wiki.mozilla.org/Security_Policy#Specification_of_Security_Policy Security Policy Rule 36 ] for more detail about these steps. | |||
# Expand the tar or zip file into a directory in a location that is suitably secured using the capabilities of the local operating system. Similarly load and expand a version of NSPR libraries. | |||
# Use the chmod utility to set the file mode bits of the shared libraries/DLLs to 0755 so that all users can execute the library files, but only the files' owner can modify. | |||
# Use the chmod utility to set the file mode bits of the associated .chk files to 0644. For example, on most Unix and Linux platforms. | |||
# By default the NSS cryptographic module operates in the non-FIPS Approved mode, meaning that if an application calls the standard PKCS #11 function C_GetFunctionList and calls the function pointers in that list, it gets the non-FIPS Approved mode. To run the NSS cryptographic module in the FIPS Approved mode, an application must call the alternative function FC_GetFunctionList and call the function pointers in that list. See [http://wiki.mozilla.org/Security_Policy#Specification_of_Security_Policy Rule 36 ] for an example of a programatic method of placing the NSS cryptographic module into FIPS mode. | |||
===Components=== | ===Components=== | ||