Algorithms supported in NSS 3.17, FIPS mode

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Algorithms supported in NSS 3.17, FIPS mode

jonetsu
Hello,


I am trying to get a list of the algorithms and ciphers supported by NSS 3.17 in FIPS mode.  Not easy.  Whereas OpenSSL and GnuTLS lists them at run-time, no such thing seems to exist for NSS (correct me if I'm wrong).  Is there then a document, validation certification, that would list them ?  More to the point, I would like to know if AES in CBC mode is supported (128 and 256), AES in GCM mode (also 128 and 256), SHA1 and which SHA2, and hash-based DRBG.  


Any information much appreciated, thanks.





--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: Algorithms supported in NSS 3.17, FIPS mode

Paul Wouters-2
Don't know about DRBG, but everything else you asked for is supported.

Sent from my iPhone

> On Dec 14, 2015, at 18:03, jonetsu <[hidden email]> wrote:
>
> Hello,
>
>
> I am trying to get a list of the algorithms and ciphers supported by NSS 3.17 in FIPS mode.  Not easy.  Whereas OpenSSL and GnuTLS lists them at run-time, no such thing seems to exist for NSS (correct me if I'm wrong).  Is there then a document, validation certification, that would list them ?  More to the point, I would like to know if AES in CBC mode is supported (128 and 256), AES in GCM mode (also 128 and 256), SHA1 and which SHA2, and hash-based DRBG.  
>
>
> Any information much appreciated, thanks.
>
>
>
>
>
> --
> dev-tech-crypto mailing list
> [hidden email]
> https://lists.mozilla.org/listinfo/dev-tech-crypto
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: Algorithms supported in NSS 3.17, FIPS mode

Robert Relyea
On 12/14/2015 05:04 PM, Paul Wouters wrote:

> Don't know about DRBG, but everything else you asked for is supported.
>
> Sent from my iPhone
>
>> On Dec 14, 2015, at 18:03, jonetsu <[hidden email]> wrote:
>>
>> Hello,
>>
>>
>> I am trying to get a list of the algorithms and ciphers supported by NSS 3.17 in FIPS mode.  Not easy.  Whereas OpenSSL and GnuTLS lists them at run-time, no such thing seems to exist for NSS (correct me if I'm wrong).  Is there then a document, validation certification, that would list them ?  More to the point, I would like to know if AES in CBC mode is supported (128 and 256), AES in GCM mode (also 128 and 256), SHA1 and which SHA2, and hash-based DRBG.
DRBG is also supported. NSS only supports hashed based DRBG for it's
random function (whether in FIPS mode or not).

bob

>>
>>
>> Any information much appreciated, thanks.
>>
>>
>>
>>
>>
>> --
>> dev-tech-crypto mailing list
>> [hidden email]
>> https://lists.mozilla.org/listinfo/dev-tech-crypto


--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto

smime.p7s (5K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Algorithms supported in NSS 3.17, FIPS mode

Wayne
In reply to this post by Paul Wouters-2
Good to know, but is there a complete list?  Is there
some option/command to list this info at runtime?

--
Wayne

On 12/15/2015 4:26 PM, Robert Relyea wrote:

> On 12/14/2015 05:04 PM, Paul Wouters wrote:
>> Don't know about DRBG, but everything else you asked for is supported.
>>
>> Sent from my iPhone
>>
>>> On Dec 14, 2015, at 18:03, jonetsu <[hidden email]> wrote:
>>>
>>> Hello,
>>>
>>>
>>> I am trying to get a list of the algorithms and ciphers supported by NSS 3.17 in
>>> FIPS mode.  Not easy.  Whereas OpenSSL and GnuTLS lists them at run-time, no such
>>> thing seems to exist for NSS (correct me if I'm wrong).  Is there then a document,
>>> validation certification, that would list them ?  More to the point, I would like
>>> to know if AES in CBC mode is supported (128 and 256), AES in GCM mode (also 128
>>> and 256), SHA1 and which SHA2, and hash-based DRBG.
> DRBG is also supported. NSS only supports hashed based DRBG for it's random function
> (whether in FIPS mode or not).
>
> bob
>>>
>>>
>>> Any information much appreciated, thanks.
>>>
>>>
>>>
>>>
>>>
>>> --
>>> dev-tech-crypto mailing list
>>> [hidden email]
>>> https://lists.mozilla.org/listinfo/dev-tech-crypto
>
>
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto