Operating Netscape Navigator in FIPS PUB 140-1 Compliant Mode



CONFIGURING THE FIPS PUB 140-1 MODULE

  1. Open up a Netscape Navigator window.

    IMPORTANT NOTE: If the Navigator is being executed on a C2-compliant platform, the system administrator must ensure that the executable's read mode for others has been disabled. For example, on C2-compliant Unix operating systems, the executable should have the permissions -r-xr-x--x, or 00551.

    This should be set by the system administrator after installing the executable, and may be accomplished by typing:

    chmod 551 netscape (where netscape is the name of the executable)

  2. In the Navigation Toolbar, click on the Security button. The Security Info window should appear:

  3. In the left frame of the Security Info window, click Passwords. The Password section appears in the Security Info window:

  4. Click Set Password. The Setting Up Your Communicator Password dialog box should appear.

    Enter a new password in the Password field, and confirm your password by typing it again in the confirmation field.

  5. Click OK and return to the Security Info window.

  6. In the left frame of the Security Info window, click Navigator. The Navigator section appears in the Security Info window.

    Make sure that the check box in front of the SSL v2 line is not checked, so that the Navigator section looks like this:

  7. Click Configure SSL v3, and the Configure Ciphers dialog box should appear.

    Make sure that the following checkboxes are not checked:

    • RC4 encryption with a 128-bit key and an MD5 MAC
    • RC4 encryption with a 40-bit key and an MD5 MAC
    • RC2 encryption with a 40-bit key and an MD5 MAC
    • No encryption with an MD5 MAC

    Likewise, make sure that the following checkboxes are checked:

    • Triple DES encryption with a 168-bit key and a SHA-1 MAC
    • DES encryption with a 56-bit key and a SHA-1 MAC

    The dialog box should look exactly like this:

  8. Click OK and return to the Security Info window.

  9. In the left frame of the Security Info window, click Messenger. The Messenger section appears in the Security Info window:

  10. Click Select S/MIME Ciphers. The Configure Ciphers dialog box should appear.

    Make sure that the following checkboxes are not checked:

    • RC2 encryption in CBC mode with a 128-bit key
    • RC2 encryption in CBC mode with a 64-bit key
    • RC2 encryption in CBC mode with a 40-bit key

    Likewise, make sure that the following checkboxes are checked:

    • Triple DES encryption in CBC mode with a 168-bit key
    • DES encryption in CBC mode with a 56-bit key

    The dialog box should look exactly like this:

  11. Click OK and return to the Security Info window.

  12. In the left frame of the Security Info window, click Cryptographic Modules. The Cryptographic Modules section appears in the Security Info window:

  13. In the Cryptographic Modules list, select PKCS #11 and click Logout All to make sure that all PKCS #11 Security Modules are logged off prior to loading the FIPS PUB 140-1 Cryptographic Module.

  14. Select PKCS #11 in the Cryptographic Modules list again, and click Delete. The following dialog box appears, prompting you to load the FIPS PUB 140-1 Cryptographic Module:

  15. Click OK, and the following FIPS PUB 140-1 Cryptographic Module should be loaded:

  16. Click OK to exit the Security Info window.

  17. To use all FIPS PUB 140-1 module security services, you must log in successfully.

Note: To return to using the default configuration, follow the procedure to disable the FIPS PUB 140-1 security services.
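
The permission requirement in the note under step 1 can be audited after installation. The shell function below is an added example, not part of the original Netscape instructions; the function names and return codes are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit the step 1 requirement that "others" cannot read
# the Navigator executable. Names and return codes are assumptions.

# Print the octal permission bits of a file, following symlinks so the
# installed binary is checked rather than a link that points to it.
file_mode() {
    # GNU stat uses -c, BSD stat uses -f; try one, then the other.
    stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1" 2>/dev/null
}

# Return codes:
#   0  mode is exactly 551 (-r-xr-x--x), as in the documented example
#   1  others can read the executable (violates the requirement)
#   2  others cannot read, but the mode differs from the documented 551
#   3  the file could not be examined
check_fips_exec_mode() {
    path=$1
    [ -f "$path" ] || { echo "not a regular file: $path" >&2; return 3; }
    mode=$(file_mode "$path") || return 3
    # Accept only a plain octal string before doing arithmetic on it.
    case $mode in
        ''|*[!0-7]*) echo "cannot parse mode of $path" >&2; return 3 ;;
    esac
    # The leading 0 makes the shell read the value as octal; bit 4 is others-read.
    if [ $(( 0$mode & 4 )) -ne 0 ]; then
        echo "FAIL: $path mode $mode lets others read the executable" >&2
        return 1
    fi
    if [ "$mode" != "551" ]; then
        echo "WARN: $path mode $mode differs from the documented 551" >&2
        return 2
    fi
    echo "OK: $path mode 551 (-r-xr-x--x)"
    return 0
}

# When run with a path argument, audit that file.
if [ $# -gt 0 ]; then
    check_fips_exec_mode "$1"
fi
```

A result of 2 covers modes such as 550 or 4551, which keep others from reading the file but do not match the permissions given in step 1.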

Last Updated: 02/26/98
