FIPS Design Assurance: Difference between revisions

Line 16: Line 16:


===Installation===
===Installation===
NSS cryptographic module releases are available from mozilla.org's [https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/ secure site ] as compressed (gzipped) tar files or zip files. The site uses secure HTTP protocol for delivering authenticated versions of NSS.
NSS cryptographic module releases are available from mozilla.org's [https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/ secure download site] as compressed (gzipped) tar files or zip files. The site uses the HTTPS protocol (HTTP over TLS) for delivering authenticated versions of the NSS cryptographic module.


To install NSS in the approved manner perform the following steps. Refer to [http://wiki.mozilla.org/Security_Policy#Specification_of_Security_Policy Security Policy Rule 36 ] for more detail about these steps.
To install the NSS cryptographic module in the approved manner perform the following steps. Refer to [http://wiki.mozilla.org/Security_Policy#Specification_of_Security_Policy Security Policy Rule 36] for more detail about these steps.


# Expand the tar or zip file into a directory in a location that is suitably secured using the capabilities of the local operating system. Similarly load and expand a version of NSPR libraries.
# Expand the tar or zip file into a directory in a location that is suitably secured using the capabilities of the local operating system. Similarly download and expand a version of NSPR libraries.
# Use the chmod utility to set the file mode bits of the shared libraries/DLLs to 0755 so that all users can execute the library files, but only the files' owner can modify.
# Use the chmod utility to set the file mode bits of the shared libraries/DLLs to 0755 so that all users can execute the library files, but only the files' owner can modify.
# Use the chmod utility to set the file mode bits of the associated .chk files to 0644. For example, on most Unix and Linux platforms.
# Use the chmod utility to set the file mode bits of the associated .chk files to 0644. For example, on most Unix and Linux platforms.
# By default the NSS cryptographic module operates in the non-FIPS Approved mode, meaning that if an application calls the standard PKCS #11 function C_GetFunctionList and calls the function pointers in that list, it gets the non-FIPS Approved mode. To run the NSS cryptographic module in the FIPS Approved mode, an application must call the alternative function FC_GetFunctionList and call the function pointers in that list. See [http://wiki.mozilla.org/Security_Policy#Specification_of_Security_Policy Rule  36 ] for an example of a programatic method of placing the NSS cryptographic module into FIPS mode.
# By default the NSS cryptographic module operates in the non-FIPS Approved mode, meaning that if an application calls the standard PKCS #11 function C_GetFunctionList and calls the function pointers in that list, it gets the non-FIPS Approved mode. To run the NSS cryptographic module in the FIPS Approved mode, an application must call the alternative function FC_GetFunctionList and call the function pointers in that list. See [http://wiki.mozilla.org/Security_Policy#Specification_of_Security_Policy Rule  36] for an example of a programmatic method of placing the NSS cryptographic module into FIPS mode.


===Components===
===Components===
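Review bot: In step 3 of the new revision, the sentence "For example, on most Unix and Linux platforms." is still a fragment carried over unchanged from the old revision, and the example it announces never appears. Either add the chmod commands it was meant to introduce or drop the fragment. In step 4 the link text "Rule  36" still has two spaces between the words. The Security Policy links in this section also use http:// while the first paragraph stresses HTTPS delivery, so it is worth switching them in the same edit.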