X
Nhấn vào đây để đến phiên bản di động của trang web.

Diễn đàn trợ giúp

Is it possible to lockdown FIPS mode on in an Enterprise environment?

Được đăng

My company is bound by rules that state we cannot use a browser that doesn't have FIPS enabled and it has to be locked on so a user cannot turn it off. Is this possible with Firefox. I have found some third party group policy templates but they do NOT address this FIPS issue.

My company is bound by rules that state we cannot use a browser that doesn't have FIPS enabled and it has to be locked on so a user cannot turn it off. Is this possible with Firefox. I have found some third party group policy templates but they do NOT address this FIPS issue.

Chi tiết hệ thống bổ sung

Ứng dụng

  • Chuỗi đại diện người dùng: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; .NET CLR 3.5.30729; .NET CLR 3.0.30729; rv:11.0) like Gecko

Thông tin chi tiết

guigs 1072 giải pháp 11697 câu trả lời
Được đăng

https://developer.mozilla.org/en-US/d.../FIPS_Mode_-_an_explanation

See all the security configurations that need to be on or off here: https://support.mozilla.org/en-US/kb/Configuring%20Firefox%20for%20FIPS%2... - the ui may be out of date and there is also a fips entry that has been added.

It is possible to use a cfg file to lock preferences: http://kb.mozillazine.org/Locking_preferences

Hope that helps.

[https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/FIPS_Mode_-_an_explanation] See all the security configurations that need to be on or off here: [https://support.mozilla.org/en-US/kb/Configuring%20Firefox%20for%20FIPS%20140-2] - the ui may be out of date and there is also a fips entry that has been added. It is possible to use a cfg file to lock preferences: [http://kb.mozillazine.org/Locking_preferences] Hope that helps.
cor-el
  • Top 10 Contributor
  • Moderator
17869 giải pháp 161698 câu trả lời
Được đăng

FIPS mode is stored in the secmode.db and requires that a MP is set to normally enable it.

You can only disable FIPS once is has been enabled by deleting the keys.db file and the signons.sqlite file. As this will remove all stored passwords that is usually not an option that most would follow. I don't know of a way to prevent this and even if you would set the secmode.db file to read-only then this file can be deleted as well.

FIPS requires to disable some cypher suites, but I don't know which ones in current Firefox releases. Prefs can be locked however like posted above by using a mozilla.cfg file.

You could consider to ask in the newsgroup mentioned to the above posted MDN article if this is possible.

  • Newsgroup: mozilla.dev.tech.crypto
FIPS mode is stored in the secmode.db and requires that a MP is set to normally enable it. *https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/tools/NSS_Tools_modutil You can only disable FIPS once is has been enabled by deleting the keys.db file and the signons.sqlite file. As this will remove all stored passwords that is usually not an option that most would follow. I don't know of a way to prevent this and even if you would set the secmode.db file to read-only then this file can be deleted as well. FIPS requires to disable some cypher suites, but I don't know which ones in current Firefox releases. Prefs can be locked however like posted above by using a mozilla.cfg file. You could consider to ask in the newsgroup mentioned to the above posted MDN article if this is possible. *Newsgroup: mozilla.dev.tech.crypto