
Configuring Firefox for FIPS 140-2


Federal Information Processing Standard (FIPS) number 140-2 defines a large set of cryptographic security requirements for all software used by US Government employees. US Government employees need to know how to make Firefox 2 and Firefox 3 "FIPS 140 compliant". The steps shown below will bring your Firefox browser into compliance with FIPS 140-2 and also with NIST SP 800-52, Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations.


Step 1: Disable SSL 2 and SSL 3, leaving only TLS

  1. At the top of the Firefox window (or on the menu bar), click on the Tools, Firefox or Edit menu, and select Options... or Preferences... (the menu and item names depend on your operating system).



  2. In the options (or preferences) window, select the Advanced panel, then select the Encryption tab.
  3. Remove the check from the Use SSL 3.0 box, and ensure that the Use TLS 1.0 box is checked.






  4. Then click the Security Devices button to begin step 2.

Step 2: Enable FIPS in Firefox's NSS Internal PKCS#11 module

  1. In the Device Manager window, select NSS Internal PKCS #11 Module, then click on the Enable FIPS button.







  2. After you click the Enable FIPS button, you should see the words FIPS 140 in your Device Manager window.






  3. Click OK to close the Device Manager window.
  4. Click OK, or close the preferences window.

Step 3: Disable all the non-FIPS TLS cipher suites in about:config

  1. In the Location bar, type about:config and press Enter (or Return).
    • The about:config "This might void your warranty!" warning page may appear. Click I'll be careful, I promise!, to continue to the about:config page.
  2. In the text box by the word Filter:, type in ssl.
  3. You should see a page that has preferences that are similar to the ones shown below. Go through your preferences and compare each one to the ones shown below. If you don't have all the preferences shown below, or if you have preferences not shown below, don't worry about them. Just compare the preferences whose names match the ones shown below. Make sure that each of your ssl preferences has the same true/false value as shown below. If any preference does not have a matching value, double-click it to change it.

Filter: ssl

Preference Name                         Status    Type     Value
security.enable_ssl2                    default   boolean  false
security.enable_ssl3                    user set  boolean  false
security.ssl2.des_64                    default   boolean  false
security.ssl2.des_ede3_192              default   boolean  false
security.ssl2.rc2_128                   default   boolean  false
security.ssl2.rc2_40                    default   boolean  false
security.ssl2.rc4_128                   default   boolean  false
security.ssl2.rc4_40                    default   boolean  false
security.ssl3.dhe_dss_aes_128_sha       default   boolean  true
security.ssl3.dhe_dss_aes_256_sha       default   boolean  true
security.ssl3.dhe_dss_camellia_128_sha  user set  boolean  false
security.ssl3.dhe_dss_camellia_256_sha  user set  boolean  false
security.ssl3.dhe_dss_des_ede3_sha      default   boolean  true
security.ssl3.dhe_dss_des_sha           default   boolean  false
security.ssl3.dhe_rsa_aes_128_sha       default   boolean  true
security.ssl3.dhe_rsa_aes_256_sha       default   boolean  true
security.ssl3.dhe_rsa_camellia_128_sha  user set  boolean  false
security.ssl3.dhe_rsa_camellia_256_sha  user set  boolean  false
security.ssl3.dhe_rsa_des_ede3_sha      default   boolean  true
security.ssl3.dhe_rsa_des_sha           default   boolean  false
security.ssl3.ecdh_ecdsa_aes_128_sha    default   boolean  true
security.ssl3.ecdh_ecdsa_aes_256_sha    default   boolean  true
security.ssl3.ecdh_ecdsa_des_ede3_sha   default   boolean  true
security.ssl3.ecdh_ecdsa_null_sha       default   boolean  false
security.ssl3.ecdh_ecdsa_rc4_128_sha    user set  boolean  false
security.ssl3.ecdh_rsa_aes_128_sha      default   boolean  true
security.ssl3.ecdh_rsa_aes_256_sha      default   boolean  true
security.ssl3.ecdh_rsa_des_ede3_sha     default   boolean  true
security.ssl3.ecdh_rsa_null_sha         default   boolean  false
security.ssl3.ecdh_rsa_rc4_128_sha      user set  boolean  false
security.ssl3.ecdhe_ecdsa_aes_128_sha   default   boolean  true
security.ssl3.ecdhe_ecdsa_aes_256_sha   default   boolean  true
security.ssl3.ecdhe_ecdsa_des_ede3_sha  default   boolean  true
security.ssl3.ecdhe_ecdsa_null_sha      default   boolean  false
security.ssl3.ecdhe_ecdsa_rc4_128_sha   user set  boolean  false
security.ssl3.ecdhe_rsa_aes_128_sha     default   boolean  true
security.ssl3.ecdhe_rsa_aes_256_sha     default   boolean  true
security.ssl3.ecdhe_rsa_des_ede3_sha    default   boolean  true
security.ssl3.ecdhe_rsa_null_sha        default   boolean  false
security.ssl3.ecdhe_rsa_rc4_128_sha     user set  boolean  false
security.ssl3.rsa_1024_des_cbc_sha      default   boolean  false
security.ssl3.rsa_1024_rc4_56_sha       default   boolean  false
security.ssl3.rsa_aes_128_sha           default   boolean  true
security.ssl3.rsa_aes_256_sha           default   boolean  true
security.ssl3.rsa_camellia_128_sha      user set  boolean  false
security.ssl3.rsa_camellia_256_sha      user set  boolean  false
security.ssl3.rsa_des_ede3_sha          default   boolean  true
security.ssl3.rsa_des_sha               default   boolean  false
security.ssl3.rsa_fips_des_ede3_sha     user set  boolean  false
security.ssl3.rsa_fips_des_sha          default   boolean  false
security.ssl3.rsa_null_md5              default   boolean  false
security.ssl3.rsa_null_sha              default   boolean  false
security.ssl3.rsa_rc2_40_md5            default   boolean  false
security.ssl3.rsa_rc4_128_md5           user set  boolean  false
security.ssl3.rsa_rc4_128_sha           user set  boolean  false
security.ssl3.rsa_rc4_40_md5            default   boolean  false

When all the entries match, you're done. You should exit and restart Firefox to ensure that the changes are properly recorded.
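
The comparison in Step 3 can also be checked by script. The following is an added example, not part of the original article or of Firefox: it audits the text of a profile's prefs.js against the table above. It assumes user-set preferences are stored there as user_pref("name", value); lines and that a "user set" false entry in the table means the shipped default is true; the names audit, KEEP_TRUE, SET_FALSE, DEFAULT_FALSE and SAMPLE are hypothetical.

```python
import re

P = "security.ssl3."
KX = ("dhe_dss", "dhe_rsa", "ecdh_ecdsa", "ecdh_rsa", "ecdhe_ecdsa", "ecdhe_rsa", "rsa")
# Suites the table leaves enabled (status "default", value true).
KEEP_TRUE = {f"{P}{kx}_{c}_sha" for kx in KX for c in ("aes_128", "aes_256", "des_ede3")}
# Prefs the table shows as "user set" false (assumed shipped default: true),
# so prefs.js must carry an explicit override for each of them.
SET_FALSE = {"security.enable_ssl3", P + "rsa_fips_des_ede3_sha",
             P + "rsa_rc4_128_md5", P + "rsa_rc4_128_sha"}
SET_FALSE |= {f"{P}{kx}_camellia_{b}_sha" for kx in ("dhe_dss", "dhe_rsa", "rsa") for b in (128, 256)}
SET_FALSE |= {f"{P}{kx}_rc4_128_sha" for kx in KX[2:6]}
# Prefs the table shows as "default" false: any override to true is a deviation.
DEFAULT_FALSE = {"security.enable_ssl2"} | {
    "security.ssl2." + s for s in "des_64 des_ede3_192 rc2_128 rc2_40 rc4_128 rc4_40".split()}
DEFAULT_FALSE |= {P + s for s in ("dhe_dss_des_sha dhe_rsa_des_sha rsa_1024_des_cbc_sha "
                                  "rsa_1024_rc4_56_sha rsa_des_sha rsa_fips_des_sha rsa_null_md5 "
                                  "rsa_null_sha rsa_rc2_40_md5 rsa_rc4_40_md5").split()}
DEFAULT_FALSE |= {f"{P}{kx}_null_sha" for kx in KX[2:6]}

# Only boolean prefs are matched; string and integer prefs are ignored.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(true|false)\s*\);', re.M)

def audit(prefs_js):
    """Return {pref: problem} for table prefs whose effective value differs from the table."""
    overrides = {name: value == "true" for name, value in PREF_RE.findall(prefs_js)}
    problems = {}
    for name in KEEP_TRUE | SET_FALSE | DEFAULT_FALSE:
        default = name not in DEFAULT_FALSE      # shipped default implied by the table
        effective = overrides.get(name, default)
        expected = name in KEEP_TRUE             # value the table requires
        if effective != expected:
            problems[name] = f"is {str(effective).lower()}, table says {str(expected).lower()}"
    return problems

# Constructed sample profile: one RC4 suite left at its default, one DES suite re-enabled.
SAMPLE = "\n".join(f'user_pref("{n}", false);' for n in sorted(SET_FALSE - {P + "rsa_rc4_128_sha"}))
SAMPLE += ('\nuser_pref("security.ssl3.rsa_des_sha", true);'
           '\nuser_pref("browser.startup.homepage", "about:blank");\n')

if __name__ == "__main__":
    for name, why in sorted(audit(SAMPLE).items()):
        print(name, why)
```

Preferences that are not in the table are ignored, as the step above instructs. The FIPS setting from Step 2 is not a preference and is not covered by this check.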





Page last modified on Thursday 04 of June, 2009 10:43:38 PST.
Contributors to this page: Chris_Ilias and nelsonb .