summaryrefslogtreecommitdiffstats
path: root/pki/base/tps/apache/conf/nss.conf
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/tps/apache/conf/nss.conf')
-rw-r--r--pki/base/tps/apache/conf/nss.conf12
1 files changed, 12 insertions, 0 deletions
diff --git a/pki/base/tps/apache/conf/nss.conf b/pki/base/tps/apache/conf/nss.conf
index 2e0b0eca..314df040 100644
--- a/pki/base/tps/apache/conf/nss.conf
+++ b/pki/base/tps/apache/conf/nss.conf
@@ -92,10 +92,16 @@ TransferLog [SERVER_ROOT]/logs/access_log
# Enable/Disable SSL for this virtual host.
NSSEngine on
+# FIPS Switch:
+# Enable/Disable FIPS mode
+# NSSFIPS on
+
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_nss documentation for a complete list.
NSSCipherSuite -des,-desede3,-rc2,-rc2export,-rc4,-rc4export,+rsa_3des_sha,-rsa_des_56_sha,+rsa_des_sha,-rsa_null_md5,-rsa_null_sha,-rsa_rc2_40_md5,+rsa_rc4_128_md5,-rsa_rc4_128_sha,-rsa_rc4_40_md5,-rsa_rc4_56_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-fips_des_sha,+fips_3des_sha,-rsa_aes_128_sha,-rsa_aes_256_sha,+ecdhe_ecdsa_aes_256_sha
+# SSL cipher suite in FIPS mode:
+# NSSCipherSuite +rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
NSSProtocol SSLv3,TLSv1
@@ -187,10 +193,16 @@ TransferLog [SERVER_ROOT]/logs/access_log
# Enable/Disable SSL for this virtual host.
NSSEngine on
+# FIPS Switch:
+# Enable/Disable FIPS mode
+# NSSFIPS on
+
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_nss documentation for a complete list.
NSSCipherSuite -des,-desede3,-rc2,-rc2export,-rc4,-rc4export,+rsa_3des_sha,-rsa_des_56_sha,+rsa_des_sha,-rsa_null_md5,-rsa_null_sha,-rsa_rc2_40_md5,+rsa_rc4_128_md5,-rsa_rc4_128_sha,-rsa_rc4_40_md5,-rsa_rc4_56_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-fips_des_sha,+fips_3des_sha,-rsa_aes_128_sha,-rsa_aes_256_sha,+ecdhe_ecdsa_aes_256_sha
+# SSL cipher suite in FIPS mode:
+# NSSCipherSuite +rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
NSSProtocol SSLv3,TLSv1
generated by cgit (git 2.34.1) at 2024-06-10 21:13:41 +0000