KB article: Configuring Firefox for FIPS 140-2

Status

--
enhancement
VERIFIED FIXED
10 years ago
10 years ago

People

(Reporter: nelson, Assigned: nelson)

Attachments

(1 attachment)

Created attachment 335426 [details]
html page shows about:config settings for FIPS 140

Federal Information Processing Standard (FIPS) number 140 defines a large
set of crypto security requirements for all software used by US Government 
employees.  US Government employees need to know how to make Firefox (2 or 3)
be "FIPS 140 compliant".  

I propose to write an article about that.  I'll get the technical details 
right, but it may not be suitably stylish for sumo.

The main steps are:
1) Disable SSL 2 and SSL 3, leaving only TLS (SSL 3.1)
2) Put Firefox's NSS Internal PKCS#11 security module into "FIPS mode".
   The above two steps are done in Tools->options->advanced->encryption
3) Disable all the non-FIPS TLS cipher suites in about:config
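
An added example, not part of the bug report or the KB article: a small audit of a `prefs.js`/`user.js` file for steps 1 and 3 above. The pref names (`security.enable_ssl2`, `security.enable_ssl3`, `security.enable_tls`, `security.ssl3.*`) are the Firefox 2/3-era names and are an assumption, since the bug does not list them, and the sample file is constructed. Step 2 (FIPS mode of the PKCS#11 module) is not a preference and is not checked here.

```python
import re

# Constructed sample in prefs.js / user.js syntax; the pref names are the
# Firefox 2/3-era ones and are an assumption (the bug does not list them).
SAMPLE_PREFS = '''
user_pref("security.enable_ssl2", false);
user_pref("security.enable_ssl3", true);
user_pref("security.enable_tls", true);
user_pref("security.ssl3.rsa_rc4_128_md5", true);
user_pref("security.ssl3.rsa_aes_256_sha", true);
user_pref("security.ssl3.rsa_des_ede3_sha", true);
user_pref("security.ssl3.dhe_rsa_camellia_256_sha", true);
user_pref("security.ssl3.rsa_seed_sha", false);
user_pref("browser.startup.page", 1);
'''

PREF_LINE = re.compile(r'user_pref\("([^"]+)",\s*(true|false)\s*\);')
# Algorithm tokens in a suite pref name that are not FIPS-approved.
NON_APPROVED = {"rc4", "rc2", "md5", "camellia", "seed", "null"}
MUST_BE_FALSE = {"security.enable_ssl2", "security.enable_ssl3"}
MUST_BE_TRUE = {"security.enable_tls"}

def parse_bool_prefs(text):
    """Return {pref name: bool} for every boolean user_pref line."""
    return {name: value == "true" for name, value in PREF_LINE.findall(text)}

def is_non_fips_suite(name):
    """Classify a security.ssl3.* pref by the algorithm tokens in its name."""
    if not name.startswith("security.ssl3."):
        return False
    tokens = name[len("security.ssl3."):].split("_")
    # Single DES is not approved; triple DES appears as "des_ede3".
    single_des = "des" in tokens and "ede3" not in tokens
    return single_des or bool(NON_APPROVED & set(tokens))

def audit(text):
    """List (pref, reason) pairs for explicitly set prefs that break steps 1 or 3."""
    findings = []
    for name, enabled in sorted(parse_bool_prefs(text).items()):
        if name in MUST_BE_FALSE and enabled:
            findings.append((name, "protocol must be disabled"))
        elif name in MUST_BE_TRUE and not enabled:
            findings.append((name, "TLS must stay enabled"))
        elif enabled and is_non_fips_suite(name):
            findings.append((name, "non-FIPS cipher suite enabled"))
    return findings

if __name__ == "__main__":
    for name, reason in audit(SAMPLE_PREFS):
        print(f"{name}: {reason}")
```

A pref that does not appear in the file is at its built-in default and is not judged by this check, so a clean result only covers values that were set explicitly.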
(Assignee)

Comment 1

10 years ago
Having trouble getting bold inside of CODE.

Comment 2

10 years ago
The URL link in this bug is password controlled, so I
can't read it.  But the URL (....configure+Firefox+for+FIPS+140-1?bl=n)
seems to suggest that the title says "... configure Firefox
for FIPS 140-1".  The current revision of FIPS 140 is
FIPS 140-2, which has been published for more than
seven years.

Comment 3

10 years ago
Please make sure you reference this document in your article:
NIST SP 800-52, Guidelines for the Selection and Use of
Transport Layer Security (TLS) Implementations

http://csrc.nist.gov/publications/nistpubs/800-52/SP800-52.pdf
(Assignee)

Comment 4

10 years ago
To change the page name, it was necessary to create a new page.  
I'm abandoning the old one.  

Still haven't figured out how to get bold lines in fixed width font.
It's trivial in html, but apparently not in this wiki.
(Assignee)

Comment 5

10 years ago
Found the hidden twiki help, and completed the page.  I understand that,
rather than asking for review, the protocol here is to mark the bug 
resolved fixed.  Seems odd, but so be it.
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED

Comment 6

10 years ago
Is it possible to view the Knowledge Base article without creating
an account?
(Assignee)

Comment 7

10 years ago
I gather that only the author and the sumo reviewers can see the article 
until the reviewers cause it to "go live".  Maybe I can mail you a copy.
But once it's "live" you can contribute changes.  It's a moderated wiki.

Comment 8

10 years ago
The staging area is only viewable to people who are logged in.

Do we need "US government users - " in the article name? I think "Configuring Firefox for FIPS 140-2" would be better.

Does this apply to Mac/Linux users? If so, we're going to need to tag OS specific content, like "Tools" "Options". (Which should be tagged as menu paths, btw. :-) )
See <http://support.mozilla.com/en-US/kb/Using+SHOWFOR> and <http://support.mozilla.com/en-US/kb/Dynamic+Content>.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
(Assignee)

Comment 9

10 years ago
This page is primarily of interest only to US government users (employees,
contractors), and I want to really grab their attention.  I didn't see
any way to get the words "US government users" into any references to the
article, other than to put those words in the article name.  

I didn't find any table of contents, or hierarchical structure to the content 
on sumo, otherwise, I might have tried to create a "US Government users" 
section in the TOC, and put the page there without those words in the title.

If there's a way to create obvious visible and searchable references to "US 
government users" without putting that in the article name, please advise.

I gather that the USG shops are VERY MS Windows oriented, but yes, these steps apply to Mac and Linux users too.  I don't have a Mac and haven't used FF3 on
a Mac, so I was unaware that the menu names and menu items were different on
the mac.  (Doesn't FF3 strive for UI similarity on all platforms?)

I had previously read the material on SHOWFOR, but I have no way of producing
any OS specific content for the Mac (or Linux, at the moment).  I don't own
a Mac, and my Linux system is down ATM.

I saw the editor's button to tag menu paths, but didn't figure it out.
I do NOT want to explain these steps using the syntax that is commonly used
by uber-geeks (like me) for these things, e.g. Tools -> Options, and I 
suspect that's what the menu path tag is for.  But any pointers to tips
on the menu path and file path name tags would be appreciated.
(Assignee)

Comment 10

10 years ago
Oh, is there a way to get the text box to appear beside the word Filter: 
as it does on the real about:config page, rather than taking up an entire 
window-wide line below the word Filter, as it does on this page?

Comment 11

10 years ago
I agree with Chris Ilias.  Having "FIPS 140-2" in the title
should be enough to get the attention of the intended audience.
But this is just a minor issue.
You can explain in the first paragraph that it's a protocol or what have you commonly used for US government stuff.

You should use screenshots when you're trying to show the UI. You should have a smaller screenshot of about:config and then just list the preferences and whether they should be set to true or false.
(In reply to comment #9)
> If there's a way to create obvious visible and searchable references to "US 
> government users" without putting that in the article name, please advise.

Are US Gov employees familiar with the term "FIPS"? Article content affects search results as well as title.

> I gather that the USG shops are VERY MS Windows oriented, but yes, these steps
> apply to Mac and Linux users too.  I don't have a Mac and haven't used FF3 on
> a Mac, so I was unaware that the menu names and menu items were different on
> the mac.  (Doesn't FF3 strive for UI similarity on all platforms?)

MS and Apple have different interface guidelines, which get in the way of that. Anywise, using our dynamic content tool takes care of most instances of OS-specific stuff. For instance {content label=optionspreferences} will produce instructions on how to access the options/preferences window for all three supported platforms.
<http://support.mozilla.com/en-US/kb/Dynamic+Content>

> I saw the editor's button to tag menu paths, but didn't figure it out.
> I do NOT want to explain these steps using the syntax that is commonly used
> by uber-geeks (like me) for these things, e.g. Tools -> Options, and I 
> suspect that's what the menu path tag is for.  But any pointers to tips
> on the menu path and file path name tags would be appreciated.

LOL Actually, it just gives the text a gray background. Our Best Practices guide actually says to use full sentences, and not the "Tools -> Options" style.
<http://support.mozilla.com/en-US/kb/Best+Practices+for+Support+Documents>

You can preview the tags at:
<http://support.mozilla.com/en-US/kb/Markup+chart>
<http://support.mozilla.com/en-US/kb/Style+Guide#Common_types_of_text>

I can add the Mac stuff for you.
I've added Mac info.
Does the info, and done a style review. Is the info still being presented accurately to you? 
I'd still like to shorten the title.

Regarding using a screenshot for the list of prefs, one issue with resizing screenshots is that text may become illegible. In this case, it's very important that the text is readable; and it's a large list of prefs. I think text would be more appropriate for the list of prefs; but we shouldn't be using text to illustrate the Filter box.

Updated

10 years ago
Status: REOPENED → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
Summary: US government users need how-to for FIPS 140 compliance → KB article: Configuring Firefox for FIPS 140-2
Moved to KB at:
Wed 03 of Sep, 2008 22:38 EST

Any further discussion should go on the staging copy: <http://support.mozilla.com/en-US/kb/*Configuring+Firefox+for+FIPS+140-2>.
Status: RESOLVED → VERIFIED