NSS has a "FIPS Mode" that can be enabled when NSS is compiled in a specific way. (Note: Mozilla does not distribute a "FIPS Mode"-ready NSS with Firefox.) This page attempts to provide an informal explanation of what it is, who would use it, and why.

Oct 18, 2018 · "The document could not be saved. Use of non FIPS cryptography is not permitted while in FIPS mode." Then states document couldn't be signed obviously. Anyone find a solution to this? I tried the bFIPSMode=0 manual HKCU entry that doesn't do anything. I also disabled protected mode. This instance of Adobe DC is on Windows 10. Thanks for any help! See Disable Weak Ciphers in SSL/TLS. When installing View Composer, select the FIPS mode option. See Installing View Composer. When installing View Agent, select the FIPS mode option. See the View Agent installation topics in the Setting Up Desktop and Application Pools document. When installing Horizon Client for Disable FIPS Mode if it is enabled due to the potential for conflict with settings required for explicitly disabling TLS 1.0/1.1 in this document. See Appendix B for more information. Update and recompile any applications using WinHTTP hosted on Server 2012 or older. Managed apps – rebuild and retarget against the latest.NET Framework version NSS has a "FIPS Mode" that can be enabled when NSS is compiled in a specific way. (Note: Mozilla does not distribute a "FIPS Mode"-ready NSS with Firefox.) This page attempts to provide an informal explanation of what it is, who would use it, and why. The [tfim-cluster:] ssl-nist-compliance setting can override this entry. If ssl-nist-compliance is set to yes , FIPS mode processing is automatically enabled. Options

Nov 13, 2019 · For dialog security (between services), the encryption uses the FIPS-certified instance of AES if the FIPS mode is enabled. If the FIPS mode is disabled, the encryption uses RC4. When you configure a service broker endpoint in the FIPS mode, the administrator must specify "AES" for the service broker.

Jul 12, 2017 · To check whether FIPS is enabled or disabled in the registry, follow the following steps: Press Windows Key+R to open the Run dialog. Type “regedit” into the Run dialog box (without the quotes) and press Enter. Navigate to What FIPS mode does Enabling FIPS mode makes Windows and its subsystems use only FIPS-validated cryptographic algorithms. An example is Schannel, which is the system component that provides SSL and TLS to applications. When FIPS mode is enabled, Schannel disallows SSL 2.0 and 3.0, protocols that fall short of the FIPS standards.

after installing an ssl cert (using ssl.conf) apache won't restart and only gives these warns in the log: [Wed Aug 14 14:16:46 2013] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Wed Aug 14 14:16:46 2013] [notice] SSL FIPS mode disabled Using Cent OS 6.4. Full log (with loglevel debug) :

[Thu Nov 24 11:49:47 2016] [notice] Digest: done [Thu Nov 24 11:49:47 2016] [notice] SSL FIPS mode disabled [Thu Nov 24 11:49:47 2016] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Thu Nov 24 11:49:47 2016] [warn] RSA server certificate CommonName (CN) `server1' does NOT match server name!? For FIPS mode, ensure that the certificate is FIPS-compliant (i.e uses a FIPS-compliant algorithm) and the private key meets the PKCS#8 standard. If you need to convert a private key to PKCS#8 format, various conversion tools exist, such as openssl pkcs8 and others. The FIPS_mode() function is used to determine the current FIPS 140-2 mode of operation by a program utilizing the services of the validated library. The library must have been built with the FIPS Object Module , and the FIPS Object Module must have been acquired, built, and installed in accordance with the security policy . On compliant versions of macOS, follow the steps below to configure your mongod or mongos instance to operate in FIPS mode. Procedure A. Configure MongoDB to use TLS/SSL. See Configure mongod and mongos for TLS/SSL for details about configuring your deployment to use TLS/SSL. Ensure that your certificate is FIPS-compliant.