I've tried to enable FIPS in KM 1.6.0b2.
The first thing I did was a little research. I found
Configuring Firefox for FIPS 140-2 which is an old page, but FF doesn't say how old. ¬_¬
So I followed instructions, gave myself a master password, disabled SSL3 (Privacy & Security>Encryption>>Encrypted Transmission), then Privacy & Security>Encryption>>Protected Storage>Manage Crypto Devices. In Device Manager, select
NSS Internal PKCS #11 Module and click "Enable FIPS". Nothing much happened. Actually, nothing happened.
Perservering, open "about:config", and make sure as many of the settings in "ssl" filter as I can find are set according to the FF site, almost all by switching them
off. Essentially, disable SSL3 and unset a number of cyphers.
However, I still see no indication that FIPS has in fact been enabled: going by the FF guide, I should see that in the Device Manager.
So, does KM 1.6.0b2 support FIPS 140-2? Or do we have a bug?
*************************
Allied to this is a question about the security padlock at lower left corner.
On a secure website, I expect to see
this with an orange/amber URL bar.
But on Secure Wikipedia (http
s:\\en...)
I see a red URL bar with a broken padlock. BTW, Secure Wikipedia has always done this.
Am I reading the padlocks correctly?
Gordon.
____________________
Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall" 01372 January 22, 2007
http://freefall.purrsia.com/ff1400/fv01372.htm]
Edited 1 time(s). Last edit at 09/25/2011 02:01PM by gordon451.