diff options
| author | rcritten <> | 2005-09-08 14:08:02 +0000 |
|---|---|---|
| committer | rcritten <> | 2005-09-08 14:08:02 +0000 |
| commit | 609e2db639062a6eaf66ca0d8275e01fb19fc44b (patch) | |
| tree | fe846dfc931e9771d8eb837912d57e3e9f9161c1 /docs | |
| parent | 4283b33b1cd4276835fef9a754c6d345786b8854 (diff) | |
| download | mod_nss-609e2db639062a6eaf66ca0d8275e01fb19fc44b.tar.gz mod_nss-609e2db639062a6eaf66ca0d8275e01fb19fc44b.tar.xz mod_nss-609e2db639062a6eaf66ca0d8275e01fb19fc44b.zip | |
Update to reflect changes to the NSSFIPS directive
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/mod_nss.html | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/docs/mod_nss.html b/docs/mod_nss.html index 3a03c54..1e34846 100644 --- a/docs/mod_nss.html +++ b/docs/mod_nss.html @@ -350,8 +350,19 @@ Example</span><br style="font-weight: bold;"> <br> Enables or disables FIPS 140 mode. This replaces the standard internal PKCS#11 module with a FIPS-enabled one. It also forces the -enabled protocols to SSLv3 and TLSv1 and disables all ciphers but the -FIPS ones.<br> +enabled protocols to TLSv1 and disables all ciphers but the +FIPS ones. You may still select which ciphers you would like +limited to those that are FIPS-certified. Any non-FIPS that are +included in the NSSCipherSuite entry are automatically disabled. +The allowable ciphers are:<br> +<ul> +<li>rsa_3des_sha</li> +<li>rsa_des_sha</li> +<li>fips_3des_sha</li> +<li>fips_des_sha</li> +<li>rsa_des_56_sha</li> +<li>fortezza</li> +</ul> <span style="font-weight: bold;"><br> </span>FIPS is disabled by default.<br> <span style="font-weight: bold;"><br> |