452129 - KB article: Configuring Firefox for FIPS 140-2

Status: VERIFIED FIXED

(support.mozilla.org :: Knowledge Base Articles, task)

Description

[Nelson Bolyard (seldom reads bugmail)]

Attachment: html page shows about:config settings for FIPS 140

Federal Information Processing Standard (FIPS) number 140 defines a large
set of crypto security requirements for all software used by US Government 
employees.  US Government employees need to know how to make Firefox (2 or 3)
be "FIPS 140 compliant".  

I propose to write an article about that.  I'll get the technical details 
right, but it may not be suitably stylish for sumo.

The main steps are:
1) Disable SSL 2 and SSL 3, leaving only TLS (SSL 3.1)
2) Put Firefox's NSS Internal PKCS#11 security module into "FIPS mode",
   The above two steps are done in Tools->options->advanced->encryption
3) Disable all the non-FIPS TLS cipher suites in about:config

Comment 1

[Nelson Bolyard (seldom reads bugmail)]

Having trouble getting bold inside of CODE.

Comment 2

[Wan-Teh Chang]

The URL link in this bug is password controlled, so I
can't read it.  But the URL (....configure+Firefox+for+FIPS+140-1?bl=n)
seems to suggest that the title says "... configure Firefox
for FIPS 140-1".  The current revision of FIPS 140 is
FIPS 140-2, which has been published for more than
seven years.

Comment 3

[Wan-Teh Chang]

Please make sure you reference this document in your article:
NIST SP 800-52, Guidelines for the Selection and Use of
Transport Layer Security (TLS) Implementations

http://csrc.nist.gov/publications/nistpubs/800-52/SP800-52.pdf

Comment 4

[Nelson Bolyard (seldom reads bugmail)]

To change the page name, it was necessary to create a new page.  
I'm abandoning the old one.  

Still haven't figured out how to get bold lines in fixed width font.
It's trivial in html, but apparently not in this wiki.

Comment 5

[Nelson Bolyard (seldom reads bugmail)]

Found the hidden twiki help, and completed the page.  I understand that,
rather than asking for review, the protocol here is to mark the bug 
resolved fixed.  Seems odd, but so be it.

Comment 6

[Wan-Teh Chang]

Is it possible to view the Knowledge Base article without creating
an account?

Comment 7

[Nelson Bolyard (seldom reads bugmail)]

I gather that only the author and the sumo reviewers can see the article 
until the reviewers cause it to "go live".  Maybe I can mail you a copy.
But once it's "live" you can contribute changes.  It's a moderated wiki.

Comment 8

[Chris Ilias [:cilias]]

The staging area is only viewable to people who are logged in.

Do we need "US government users - " in the article name? I think "Configuring Firefox for FIPS 140-2" would be better.

Does this apply to Mac/Linux users? If so, we going to need to tag OS specific content, like "Tools" "Options". (Which should be tagged as menu paths, btw. :-) )
See <http://support.mozilla.com/en-US/kb/Using+SHOWFOR> and <http://support.mozilla.com/en-US/kb/Dynamic+Content>.

Comment 9

[Nelson Bolyard (seldom reads bugmail)]

This page is primarily of interest only to US government users (employees,
contractors), and I want to really grab their attention.  I didn't see
any way to get the words "US government users" into any references to the
article, other than to put those words in the article name.  

I didn't find any table of contents, or hierarchical structure to the content 
on sumo, otherwise, I might have tried to create a "US Government users" 
section in the TOC, and put the page there without those words in the title.

If there's a way to create obvious visible and searchable references to "US 
government users" without putting that in the article name, please advise.

I gather that the USG shops are VERY MS Windows oriented, but yes, these steps apply to Mac and Linux users too.  I don't have a Mac and haven't used FF3 on
a Mac, so I was unaware that the menu names and menu items were different on
the mac.  (Doesn't FF3 strive for UI similarity on all platforms?)

I had previously read the material on SHOWFOR, but I have no way of producing
any OS specific content for the Mac (or Linux, at the moment).  I don't own
a Mac, and my Linux system is down ATM.

I saw the editor's button to tag menu paths, but didn't figure it out.
I do NOT want to explain these steps using the syntax that is commonly used
by uber-geeks (like me) for these things, e.g. Tools -> Options, and I 
suspect that's what the menu path tag is for.  But any pointers to tips
on the menu path and file path name tags would be appreciated.

Comment 10

[Nelson Bolyard (seldom reads bugmail)]

Oh, is there a way to get the text box to appear beside the word Filter: 
as it does on the real about:config page, rather than taking up an entire 
window-wide line below the word Filter, as it does on this page?

Comment 11

[Wan-Teh Chang]

I agree with Chris Ilias.  Having "FIPS 140-2" in the title
should be enough to get the attention of the intended audience.
But this is just a minor issue.

Comment 12

[Majken Connor [:Kensie]]

You can explain in the first paragraph that it's a protocol or what have you commonly used for US government stuff.

You should use screenshots when you're trying to show the UI. You should have a smaller screenshot of about:config and then just list the preferences and whether they should be set to true or false.

Comment 13

[Chris Ilias [:cilias]]

(In reply to comment #9)
> If there's a way to create obvious visible and searchable references to "US 
> government users" without putting that in the article name, please advise.

Are US Gov employees familiar with the term "FIPS"? Article content affects search results as well as title.

> I gather that the USG shops are VERY MS Windows oriented, but yes, these steps
> apply to Mac and Linux users too.  I don't have a Mac and haven't used FF3 on
> a Mac, so I was unaware that the menu names and menu items were different on
> the mac.  (Doesn't FF3 strive for UI similarity on all platforms?)

MS and Apple have different interface guidelines, which get in the way of that. Anywise, using our dynamic content tool takes care of most instances of OS-specific stuff. For instance {content label=optionspreferences} will produce instructions on how to access the options/preferences window for all three supported platforms.
<http://support.mozilla.com/en-US/kb/Dynamic+Content>

> I saw the editor's button to tag menu paths, but didn't figure it out.
> I do NOT want to explain these steps using the syntax that is commonly used
> by uber-geeks (like me) for these things, e.g. Tools -> Options, and I 
> suspect that's what the menu path tag is for.  But any pointers to tips
> on the menu path and file path name tags would be appreciated.

LOL Actually, it just the text a gray background. Our Best Practices guide actually says to use full sentences, and not the "Tools -> Options" style.
<http://support.mozilla.com/en-US/kb/Best+Practices+for+Support+Documents>

You can preview the tags at:
<http://support.mozilla.com/en-US/kb/Markup+chart>
<http://support.mozilla.com/en-US/kb/Style+Guide#Common_types_of_text>

I can add the Mac stuff for you.

Comment 14

[Chris Ilias [:cilias]]

I've add mac info.
Does the info, and done a style review. Is the info still being presented accurately to you? 
I'd still like to shorten the title.

Regarding using a screenshot for the list of prefs, one issue with with resizing screenshots is that text may become illegible. In this case, it's very important that the text is readable; and it's a large list of prefs. I think text would be more appropriate for the list of prefs; but we shouldn't be using text to illustrate the Filter box.

Comment 15

[Chris Ilias [:cilias]]

Moved to KB at:
Wed 03 of Sep, 2008 22:38 EST

Any further discussion should go on the staging copy: <http://support.mozilla.com/en-US/kb/*Configuring+Firefox+for+FIPS+140-2>.