mirror of
git://slackware.nl/current.git
synced 2024-12-28 09:59:53 +01:00
365 lines
18 KiB
HTML
365 lines
18 KiB
HTML
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
|
||
|
<html>
|
||
|
<head>
|
||
|
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
|
||
|
<link rel="top" title="Home" href="http://www.mozilla.org/">
|
||
|
<link rel="stylesheet" type="text/css" href="../../../../css/print.css" media="print">
|
||
|
<link rel="stylesheet" type="text/css" href="../../../../css/base/content.css" media="all">
|
||
|
<link rel="stylesheet" type="text/css" href="../../../../css/cavendish/content.css" title="Cavendish" media="screen">
|
||
|
<link rel="stylesheet" type="text/css" href="../../../../css/base/template.css" media="screen">
|
||
|
<link rel="stylesheet" type="text/css" href="../../../../css/cavendish/template.css" title="Cavendish" media="screen">
|
||
|
<link rel="icon" href="../../../../images/mozilla-16.png" type="image/png">
|
||
|
|
||
|
<TITLE>NSS FAQ</TITLE>
|
||
|
<script src="../../../../__utm.js" type="text/javascript"></script>
|
||
|
</head>
|
||
|
<body id="www-mozilla-org" class="secondLevel sectionDevelopers">
|
||
|
<div id="container">
|
||
|
<p class="skipLink"><a href="#mainContent" accesskey="2">Skip to main content</a></p>
|
||
|
<div id="header">
|
||
|
<h1><a href="/" title="Return to home page" accesskey="1">Mozilla</a></h1>
|
||
|
<ul>
|
||
|
<li id="menu_aboutus"><a href="../../../../about/" title="Learn more about Mozilla">About</a></li>
|
||
|
<li id="menu_foundation"><a href="../../../../foundation/" title="Information about the non-profit Mozilla Foundation">Foundation</a></li>
|
||
|
<li id="menu_contribute"><a href="../../../../contribute/" title="Find out how to get involved with Mozilla">Contribute</a></li>
|
||
|
<li id="menu_community"><a href="../../../../community/" title="List of community sites and other resources">Community</a></li>
|
||
|
<li id="menu_developers"><a href="../../../../developer/" title="Resources and links for developers">Developers</a></li>
|
||
|
<li id="menu_projects"><a href="../../../../projects/" title="Projects being created by the Mozilla community">Projects</a></li>
|
||
|
</ul>
|
||
|
<form id="searchbox_002443141534113389537:ysdmevkkknw" action="http://www.google.com/cse" title="mozilla.org Search">
|
||
|
<div>
|
||
|
<label for="q" title="Search mozilla.org's sites">search mozilla:</label>
|
||
|
<input type="hidden" name="cx" value="002443141534113389537:ysdmevkkknw">
|
||
|
<input type="hidden" name="cof" value="FORID:0">
|
||
|
<input type="text" id="q" name="q" accesskey="s" size="30">
|
||
|
<input type="submit" id="submit" value="Go">
|
||
|
</div>
|
||
|
</form>
|
||
|
</div>
|
||
|
<hr class="hide">
|
||
|
<div id="mBody">
|
||
|
<div id="side">
|
||
|
|
||
|
<ul id="nav">
|
||
|
<li><a title="Roadmap" href="../../../../roadmap.html"><strong> Roadmap</strong></a></li>
|
||
|
<li><a title="Projects" href="../../../../projects/"><strong> Projects</strong></a></li>
|
||
|
<li><a title="For developers" href="../../../../developer/"><strong> Coding</strong></a>
|
||
|
<ul>
|
||
|
<li><a title="Module Owners" href="../../../../owners.html"> Module Owners</a></li>
|
||
|
<li><a title="Hacking" href="../../../../hacking/"> Hacking</a></li>
|
||
|
<li><a title="Get the Source" href="http://developer.mozilla.org/en/docs/Download_Mozilla_Source_Code"> Get the Source</a></li>
|
||
|
<li><a title="Building Mozilla" href="http://developer.mozilla.org/en/docs/Build_Documentation"> Build It</a></li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
<li><a title="Testing" href="http://quality.mozilla.org/"><strong> Testing</strong></a>
|
||
|
<ul>
|
||
|
<li><a title="Downloads of mozilla.org software releases" href="../../../../download.html"> Releases</a></li>
|
||
|
<li><a title="Latest mozilla builds for testers" href="../../../../developer/#builds"> Nightly Builds</a></li>
|
||
|
<li><a title="For testers to report bugs" href="https://bugzilla.mozilla.org/"> Report A Problem</a></li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
<li><a title="Tools for mozilla developers" href="../../../../tools.html"><strong> Tools</strong></a>
|
||
|
<ul>
|
||
|
<li><a title="Bug tracking system for mozilla testers." href="https://bugzilla.mozilla.org/"> Bugzilla</a></li>
|
||
|
<li><a title="Latest status of mozilla builds" href="http://tinderbox.mozilla.org/showbuilds.cgi?tree=Firefox"> Tinderbox</a></li>
|
||
|
<li><a title="Latest checkins" href="http://bonsai.mozilla.org/cvsqueryform.cgi"> Bonsai</a></li>
|
||
|
<li><a title="Source cross reference" href="http://mxr.mozilla.org/"> MXR</a></li>
|
||
|
</ul>
|
||
|
</li>
|
||
|
<li><a title="Frequently Asked Questions." href="../../../../faq.html"><strong> FAQs</strong></a></li>
|
||
|
</ul>
|
||
|
|
||
|
</div>
|
||
|
<hr class="hide">
|
||
|
<div id="mainContent">
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
<center>
|
||
|
<h2>NSS FAQ</h2>
|
||
|
<i><FONT SIZE="-1">
|
||
|
|
||
|
Newsgroup:
|
||
|
<A HREF="news://news.mozilla.org/mozilla.dev.tech.crypto">mozilla.dev.tech.crypto</A>
|
||
|
|
||
|
</FONT></i>
|
||
|
</center>
|
||
|
|
||
|
<p>
|
||
|
<hr>
|
||
|
<p>
|
||
|
|
||
|
<a href="#Q1">General Questions</a>
|
||
|
|
||
|
<ul>
|
||
|
<li>
|
||
|
<a href="#Q1.1">What is Network Security Services (NSS)?</a></li>
|
||
|
<li>
|
||
|
<a href="#Q1.2">What can I do with NSS? Is NSS appropriate for my application?</a></li>
|
||
|
<li>
|
||
|
<a href="#q1.2a">How does NSS compare to OpenSSL?</a></li>
|
||
|
<li>
|
||
|
<a href="#q1.3">How does NSS compare to SSLRef?</a></li>
|
||
|
<li>
|
||
|
<a href="#q1.4">What platforms and development environments are supported?</a></li>
|
||
|
<li>
|
||
|
<a href="#q1.5">What cryptography standards are supported?</a></li>
|
||
|
<li>
|
||
|
<a href="#q1.7">What is the relationship between NSS and PSM?</a></li>
|
||
|
<li>
|
||
|
<a href="#q1.7">Where can I get the source?</a></li>
|
||
|
<li>
|
||
|
<a href="#q1.8">How much does it cost?</a></li>
|
||
|
</ul>
|
||
|
|
||
|
<a href="#Q2">Developer Questions</a>
|
||
|
<ul>
|
||
|
<li>
|
||
|
<a href="#q2.1">What hardware accelerators are supported?</a></li>
|
||
|
<li>
|
||
|
<a href="#q2.2">How do I integrate smart cards into my application using
|
||
|
NSS?</a></li>
|
||
|
<li>
|
||
|
<a href="#q2.3">How is NSS compatible with other Netscape products?</a></li>
|
||
|
<li>
|
||
|
<a href="#q2.4">Does NSS require Netscape Portable Runtime (NSPR)?</a></li>
|
||
|
<li>
|
||
|
<a href="#q2.5">Can I use NSS even if my application protocol isn't HTTP?</a></li>
|
||
|
<li>
|
||
|
<a href="#q2.6">How long does it take to integrate NSS into my application?</a></li>
|
||
|
<li>
|
||
|
<a href="#q2.6">How can I learn more about SSL?</a></li>
|
||
|
</ul>
|
||
|
|
||
|
<a href="#Q3">Licensing Questions</a>
|
||
|
<ul>
|
||
|
<li>
|
||
|
<a href="#q3.1">How is NSS licensed?</a>
|
||
|
<li>
|
||
|
<a href="#q3.2">Is NSS available outside the United States?</a></li>
|
||
|
</ul>
|
||
|
<h2>
|
||
|
<a NAME="Q1"><hr WIDTH="100%"></a>General Questions</h2>
|
||
|
<a NAME="Q1.1"></a><H4>What is Network Security Services (NSS)?</h4>
|
||
|
<P>NSS is set of libraries, APIs, utilities, and documentation designed
|
||
|
to support cross-platform development of security-enabled client and
|
||
|
server applications. It provides a complete open-source implementation
|
||
|
of the crypto libraries used by Netscape and other companies in the
|
||
|
Netscape 6 browser, server products from iPlanet E-Commerce Solutions, the
|
||
|
Gateway Connected Touch Pad with Instant AOL, and other products.
|
||
|
|
||
|
<p>For an
|
||
|
overview of NSS, see <a href="overview.html">Overview of NSS</a>. For detailed information
|
||
|
on the open-source NSS project, see <a href="index.html">NSS Project Page</a>.
|
||
|
|
||
|
<br>
|
||
|
<a NAME="Q1.2"></a><H4>What can I do with NSS? Is NSS appropriate for
|
||
|
my application?</h4>
|
||
|
<P>If you want add support for SSL, S/MIME, or other Internet security standards
|
||
|
to your application, you can use Network Security Services (NSS) to do so. Because
|
||
|
NSS provides complete support for all versions of SSL and TLS, it is particularly well-suited
|
||
|
for applications that need to communicate with the many clients and servers
|
||
|
that already support the SSL protocol.
|
||
|
<p>The PKCS #11 interface included in NSS means that your application can
|
||
|
use <a href="#q2.1">hardware accelerators</a> on the server and <a href="#q2.2">smart
|
||
|
cards</a> for two-factor authentication.
|
||
|
<br>
|
||
|
|
||
|
<a NAME="q1.2a"></a><H4>How does NSS compare to OpenSSL?</h4>
|
||
|
|
||
|
<a href="http://www.openssl.org/">OpenSSL</a> is an open source project that implements server-side SSL,
|
||
|
TLS, and a general-purpose cryptography library. It does not support PKCS #11. It is based on
|
||
|
the SSLeay library developed by Eric A. Young and Tim J. Hudson. OpenSSL is widely used in
|
||
|
Apache servers and is licensed under an Apache-style licence.
|
||
|
|
||
|
<p>NSS supports both server and client applications as well as PKCS #11 and S/MIME. To permit its use
|
||
|
in as many contexts as possible,
|
||
|
NSS is triple-licensed under the <a href="../../../../MPL/">Mozilla Public License</a>, the
|
||
|
<a href="http://www.gnu.org/copyleft/gpl.html">GNU General Public License</a>,
|
||
|
and the <a href="http://www.gnu.org/copyleft/lesser.html">GNU Lesser General Public License</a>.
|
||
|
You may choose to use the code either under the terms of the MPL or the GPL or the LGPL.
|
||
|
|
||
|
<a NAME="q1.3"></a><H4>How does NSS compare to SSLRef?</h4>
|
||
|
SSLRef was an early reference implementation of the SSL protocol. It contains
|
||
|
bugs that were never fixed, doesn't support TLS or or the
|
||
|
new 56-bit export cipher suites, and does not contain the fix to the
|
||
|
Bleichenbacher attack on PKCS#1.
|
||
|
|
||
|
<p>Netscape no longer maintains SSLRef or makes it available. It was built as
|
||
|
an example of an SSL implementation, not for creating production applications.
|
||
|
|
||
|
<p>NSS was designed from the ground up for use by commercial developers.
|
||
|
It provides a complete software development kit
|
||
|
that uses the same architecture used to support security features in many client
|
||
|
and server products from Netscape and other companies.
|
||
|
|
||
|
<a NAME="q1.4"></a><H4>What platforms and development environments are supported?</h4>
|
||
|
<P>iPlanet E-Commerce Solutions has certified NSS 3.1 on 18 platforms, including AIX 4.3, HP-UX 11.0,
|
||
|
Red Hat Linux 6.0, Solaris (2.6 or later), Windows NT (4.0 or later), and
|
||
|
Windows 2000. Other contributors are in the process of certifying additional platforms.
|
||
|
The NSS 3.1 API requires C or C++ development environments.
|
||
|
|
||
|
<p>For the latest NSS release notes and detailed platform information, see
|
||
|
<a href="release_notes_31.html">NSS 3.1 Release Notes</a>.
|
||
|
|
||
|
<a NAME="q1.5"></a><H4>What cryptography standards does NSS support?</h4>
|
||
|
<P>NSS supports <a HREF="../../../docs/jargon.html#SSL">SSL v2 and v3</a>,
|
||
|
<a HREF="../../../../docs/jargon.html#TLS">TLS</a>,
|
||
|
<a HREF="../../../../docs/jargon.html#PKCS5">PKCS #5</a>,
|
||
|
<a HREF="../../../../docs/jargon.html#PKCS7">PKCS #7</a>,
|
||
|
<a HREF="../../../../docs/jargon.html#PKCS11">PKCS #11</a>,
|
||
|
<a HREF="../../../../docs/jargon.html#PKCS12">PKCS #12</a>,
|
||
|
<a HREF="../../../../docs/jargon.html#SMIME">S/MIME</a>, and
|
||
|
<a HREF="../../../../docs/jargon.html#X.509">X.509 v3</a> certificates.
|
||
|
For complete details,
|
||
|
see <a href="nss-3.11/nss-3.11-algorithms.html">
|
||
|
Encryption Technologies</a>.
|
||
|
|
||
|
<a NAME="q1.6"></a><H4>What is the relationship between NSS and PSM?</H4>
|
||
|
|
||
|
Personal Security Manager (PSM) is built on top of NSS. It consists of libraries
|
||
|
and a daemon designed to support cross-platform development of security-enabled
|
||
|
client applications. The PSM binary provides a client module
|
||
|
that performs cryptographic operations on behalf of applications.
|
||
|
Netscape Personal Security Manager ships with Netscape 6 and the Gateway Connected Touch Pad with Instant AOL,
|
||
|
and is also available for use with Communicagotr 4.7x.
|
||
|
|
||
|
<p>For more information about the PSM open-source project, see <a href="../psm">Personal Security Manager</a>.
|
||
|
|
||
|
<a NAME="q1.7"></a><H4>Where can I get the source code?</H4>
|
||
|
|
||
|
For instructions on how to check out and build the NSS 3.1 source code, see
|
||
|
<a href="buildnss_31.html">Build Instructions for NSS 3.1.</a> The source code may also
|
||
|
be downloaded as a tar file from
|
||
|
<a href="ftp://ftp.mozilla.org/pub/mozilla.org/security/">ftp://ftp.mozilla.org/pub/mozilla.org/security/</a>.
|
||
|
|
||
|
<a NAME="q1.8"></a><H4>How much does it cost?</H4>
|
||
|
|
||
|
NSS source code and binaries (when they become available) are completely free. No license fees,
|
||
|
no royalty fees, no subscription fees.
|
||
|
|
||
|
|
||
|
<a NAME="Q2"><h2>
|
||
|
<hr WIDTH="100%"></a>Developer Questions</h2>
|
||
|
|
||
|
<a NAME="q2.1"></a><H4>What hardware accelerators are supported?</h4>
|
||
|
<P>NSS supports the PKCS #11 interface for hardware acceleration. Since leading accelerator vendors such as
|
||
|
Chrysalis-IT, nCipher, and Rainbow Technologies also support this interface, NSS-enabled applications
|
||
|
can support a wide variety of hardware accelerators.
|
||
|
<a NAME="q2.2"></a><H4>How do I integrate smart cards into my application using
|
||
|
NSS?</h4>
|
||
|
<P>NSS supports the PKCS #11 interface for smart card integration. Applications that use the PKCS #11
|
||
|
interface provided by NSS will therefore support smart cards from leading vendors such as
|
||
|
ActiveCard, Litronic, and SecureID Technologies that also support the PKCS #11 interface.
|
||
|
|
||
|
<a NAME="q2.3"></a><H4>How is NSS compatible with other Netscape products?</h4>
|
||
|
<P>NSS provides tight integration with other Netscape products in two ways.
|
||
|
First, by using NSS to implement SSL and TLS, you can support SSL communications
|
||
|
with all products from Netscape and all other vendors
|
||
|
that support SSL<FONT color="#CC0000"> and TLS.</FONT> Second, NSS makes it easy
|
||
|
to share certificates between Netscape client and server products
|
||
|
and your application.
|
||
|
|
||
|
<a NAME="q2.4"></a><H4>Does NSS require Netscape Portable Runtime (NSPR)?</h4>
|
||
|
<P>To provide cross-platform support, NSS utilizes Netscape Portable Runtime
|
||
|
(NSPR) libraries as a portability interface and implementation that
|
||
|
provides consistent cross-platform semantics for network I/O and threading
|
||
|
models. You can use NSPR throughout your application or
|
||
|
only in the portion that calls into NSS. Netscape strongly recommends that
|
||
|
multithreaded applications use the NSPR or native OS threading model. (In
|
||
|
recent NSPR releases, the NSPR threading model is compatible with the native
|
||
|
threading model if the OS has native threads.) Alternatively, you can adapt
|
||
|
the open-source NSPR implementation to be compatible with your existing
|
||
|
application's threading models. More information about NSPR may be found at
|
||
|
<a href="http://www.mozilla.org/projects/nspr/">Netscape Portable Runtime</a>.
|
||
|
<br>
|
||
|
|
||
|
<a NAME="q2.5"></a><H4>Can I use NSS even if my application protocol isn't
|
||
|
HTTP?</h4>
|
||
|
<P>Yes, SSL independent of application protocols. It works with common
|
||
|
Internet standard application protocols (HTTP, POP3, FTP, SMTP, etc.) as
|
||
|
well as custom application protocols using TCP/IP.
|
||
|
|
||
|
<br>
|
||
|
<a NAME="q2.6"></a><H4>How long does it take to integrate NSS into my application?</h4>
|
||
|
<P>The integration effort depends on an number of factors, such as developer
|
||
|
skill set, application complexity, and the level of security required for
|
||
|
your application. NSS includes detailed documentation of the SSL API and
|
||
|
sample code that demonstrates basic SSL functionality (setting up an encrypted
|
||
|
session, server authentication, and client authentication) to help jump start the
|
||
|
integration process. However, there is little or no documentation currently
|
||
|
available for the rest of the NSS API. If your application requires sophisticated
|
||
|
certificate management, smart card support, or hardware acceleration, your
|
||
|
integration effort will be more extensive.
|
||
|
|
||
|
<a NAME="q2.7"></a><H4> Where can I download the NSS tools?</h4>
|
||
|
|
||
|
Currently, you must download the NSS source and build it to create binary files for the NSS tools.
|
||
|
For more information, see <A HREF="tools/">NSS Tools</A>.
|
||
|
|
||
|
|
||
|
<a NAME="q2.8"></a><H4>How can I learn more about SSL?</h4>
|
||
|
|
||
|
NSS provides extensive documentation related to SSL, including high-level introductions,
|
||
|
detailed API documentation, sample code for simple client and server
|
||
|
applications, the original SSL 3.0 specification, and
|
||
|
information on debugging SSL applications. For details, see the
|
||
|
<a href="ssl/">SSL/TLS Project Page</a>. For information about the NSS tools, including those used
|
||
|
for debugging SSL applications, see <a href="http://www.mozilla.org/projects/security/pki/nss/tools/">
|
||
|
NSS Security Tools</a>.
|
||
|
|
||
|
<a NAME="Q3"><h2>
|
||
|
<hr WIDTH="100%"></a>Licensing Questions</h2>
|
||
|
<H4><a NAME="q3.1"></a>How is NSS licensed?</h4>
|
||
|
<P>NSS is triple-licensed under the <a href="../../../../MPL/">Mozilla Public License</a>, the
|
||
|
<a href="http://www.gnu.org/copyleft/gpl.html">GNU General Public License</a>,
|
||
|
and the <a href="http://www.gnu.org/copyleft/lesser.html">GNU Lesser General Public License</a>.
|
||
|
For more details, see the <a href="http://www.mozilla.org/crypto-faq.html#1-3">Mozilla Crypto FAQ</a>.
|
||
|
|
||
|
<a NAME="q3.2"></a><H4>Is NSS available outside the United States?</h4>
|
||
|
<P>Yes; see
|
||
|
<a href="buildnss_31.html">Build Instructions for NSS 3.1.</a> and
|
||
|
<a href="ftp://ftp.mozilla.org/pub/mozilla.org/security/">ftp://ftp.mozilla.org/pub/mozilla.org/security/</a>.
|
||
|
However, NSS source code is subject to the U.S. Export
|
||
|
Administration Regulations and other U.S. law, and may not be exported or
|
||
|
re-exported to certain
|
||
|
countries (currently Cuba, Iran, Libya, North Korea, Sudan and Syria) or
|
||
|
to persons or entities prohibited from receiving U.S. exports (including
|
||
|
those (a) on the Bureau of Industry and Security Denied Parties List or
|
||
|
Entity List, (b) on the Office of Foreign Assets Control list of Specially
|
||
|
Designated Nationals and Blocked Persons, and (c) involved with missile
|
||
|
technology or nuclear, chemical or biological weapons).
|
||
|
|
||
|
<p>For more information about U.S. export controls on encryption software,
|
||
|
see the <a href="http://www.mozilla.org/crypto-faq.html">Mozilla Crypto FAQ</a>.
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
|
||
|
<hr class="hide">
|
||
|
</div>
|
||
|
</div>
|
||
|
<div id="footer">
|
||
|
<ul>
|
||
|
<li><a href="../../../../support/">Support Options</a></li>
|
||
|
<li><a href="../../../../security/">Security Center</a></li>
|
||
|
<li><a href="../../../../privacy-policy.html">Privacy Policy</a></li>
|
||
|
<li><a href="../../../../contact/">Contact Us</a></li>
|
||
|
</ul>
|
||
|
<p class="affiliates">International Affiliates: <a href="http://www.mozilla-europe.org/">Mozilla Europe</a> - <a
|
||
|
href="http://mozilla.jp/">Mozilla Japan</a> - <a href="http://www.mozillaonline.com/">Mozilla China</a></p>
|
||
|
<p class="copyright">
|
||
|
Portions of this content are © 1998–2009 by individual mozilla.org contributors<br>
|
||
|
Content available under a Creative Commons <a href="http://www.mozilla.org/foundation/licensing/website-content.html">license</a></p>
|
||
|
<p>
|
||
|
<span>Last modified July 12, 2007</span>
|
||
|
<span><a href="http://bonsai-www.mozilla.org/cvslog.cgi?file=mozilla-org/html/projects/security/pki/nss/faq.html&rev=&root=/www/">Document History</a></span>
|
||
|
<span><a href="https://doctor.mozilla.org/?action=edit&file=mozilla-org/html/projects/security/pki/nss/faq.html">Edit this Page</a></span> <span>(or <a href="/contribute/writing/cvs">via CVS</a>)</span>
|
||
|
</p>
|
||
|
</div>
|
||
|
</div>
|
||
|
</body>
|
||
|
</html>
|