diff options
Diffstat (limited to 'system/mozilla-nss/faq.html')
-rw-r--r-- | system/mozilla-nss/faq.html | 364 |
1 files changed, 364 insertions, 0 deletions
diff --git a/system/mozilla-nss/faq.html b/system/mozilla-nss/faq.html new file mode 100644 index 0000000000..176fe8f883 --- /dev/null +++ b/system/mozilla-nss/faq.html @@ -0,0 +1,364 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> +<link rel="top" title="Home" href="http://www.mozilla.org/"> +<link rel="stylesheet" type="text/css" href="../../../../css/print.css" media="print"> +<link rel="stylesheet" type="text/css" href="../../../../css/base/content.css" media="all"> +<link rel="stylesheet" type="text/css" href="../../../../css/cavendish/content.css" title="Cavendish" media="screen"> +<link rel="stylesheet" type="text/css" href="../../../../css/base/template.css" media="screen"> +<link rel="stylesheet" type="text/css" href="../../../../css/cavendish/template.css" title="Cavendish" media="screen"> +<link rel="icon" href="../../../../images/mozilla-16.png" type="image/png"> + +<TITLE>NSS FAQ</TITLE> +<script src="../../../../__utm.js" type="text/javascript"></script> +</head> +<body id="www-mozilla-org" class="secondLevel sectionDevelopers"> +<div id="container"> +<p class="skipLink"><a href="#mainContent" accesskey="2">Skip to main content</a></p> +<div id="header"> +<h1><a href="/" title="Return to home page" accesskey="1">Mozilla</a></h1> +<ul> +<li id="menu_aboutus"><a href="../../../../about/" title="Learn more about Mozilla">About</a></li> +<li id="menu_foundation"><a href="../../../../foundation/" title="Information about the non-profit Mozilla Foundation">Foundation</a></li> +<li id="menu_contribute"><a href="../../../../contribute/" title="Find out how to get involved with Mozilla">Contribute</a></li> +<li id="menu_community"><a href="../../../../community/" title="List of community sites and other resources">Community</a></li> +<li id="menu_developers"><a href="../../../../developer/" title="Resources and links for developers">Developers</a></li> +<li id="menu_projects"><a href="../../../../projects/" title="Projects being created by the Mozilla community">Projects</a></li> +</ul> +<form id="searchbox_002443141534113389537:ysdmevkkknw" action="http://www.google.com/cse" title="mozilla.org Search"> +<div> +<label for="q" title="Search mozilla.org's sites">search mozilla:</label> +<input type="hidden" name="cx" value="002443141534113389537:ysdmevkkknw"> +<input type="hidden" name="cof" value="FORID:0"> +<input type="text" id="q" name="q" accesskey="s" size="30"> +<input type="submit" id="submit" value="Go"> +</div> +</form> +</div> +<hr class="hide"> +<div id="mBody"> +<div id="side"> + +<ul id="nav"> +<li><a title="Roadmap" href="../../../../roadmap.html"><strong> Roadmap</strong></a></li> +<li><a title="Projects" href="../../../../projects/"><strong> Projects</strong></a></li> +<li><a title="For developers" href="../../../../developer/"><strong> Coding</strong></a> +<ul> +<li><a title="Module Owners" href="../../../../owners.html"> Module Owners</a></li> +<li><a title="Hacking" href="../../../../hacking/"> Hacking</a></li> +<li><a title="Get the Source" href="http://developer.mozilla.org/en/docs/Download_Mozilla_Source_Code"> Get the Source</a></li> +<li><a title="Building Mozilla" href="http://developer.mozilla.org/en/docs/Build_Documentation"> Build It</a></li> +</ul> +</li> +<li><a title="Testing" href="http://quality.mozilla.org/"><strong> Testing</strong></a> +<ul> +<li><a title="Downloads of mozilla.org software releases" href="../../../../download.html"> Releases</a></li> +<li><a title="Latest mozilla builds for testers" href="../../../../developer/#builds"> Nightly Builds</a></li> +<li><a title="For testers to report bugs" href="https://bugzilla.mozilla.org/"> Report A Problem</a></li> +</ul> +</li> +<li><a title="Tools for mozilla developers" href="../../../../tools.html"><strong> Tools</strong></a> +<ul> +<li><a title="Bug tracking system for mozilla testers." href="https://bugzilla.mozilla.org/"> Bugzilla</a></li> +<li><a title="Latest status of mozilla builds" href="http://tinderbox.mozilla.org/showbuilds.cgi?tree=Firefox"> Tinderbox</a></li> +<li><a title="Latest checkins" href="http://bonsai.mozilla.org/cvsqueryform.cgi"> Bonsai</a></li> +<li><a title="Source cross reference" href="http://mxr.mozilla.org/"> MXR</a></li> +</ul> +</li> +<li><a title="Frequently Asked Questions." href="../../../../faq.html"><strong> FAQs</strong></a></li> +</ul> + +</div> +<hr class="hide"> +<div id="mainContent"> + + + + +<center> +<h2>NSS FAQ</h2> +<i><FONT SIZE="-1"> + +Newsgroup: +<A HREF="news://news.mozilla.org/mozilla.dev.tech.crypto">mozilla.dev.tech.crypto</A> + +</FONT></i> +</center> + +<p> +<hr> +<p> + +<a href="#Q1">General Questions</a> + +<ul> +<li> +<a href="#Q1.1">What is Network Security Services (NSS)?</a></li> +<li> +<a href="#Q1.2">What can I do with NSS? Is NSS appropriate for my application?</a></li> +<li> +<a href="#q1.2a">How does NSS compare to OpenSSL?</a></li> +<li> +<a href="#q1.3">How does NSS compare to SSLRef?</a></li> +<li> +<a href="#q1.4">What platforms and development environments are supported?</a></li> +<li> +<a href="#q1.5">What cryptography standards are supported?</a></li> +<li> +<a href="#q1.7">What is the relationship between NSS and PSM?</a></li> +<li> +<a href="#q1.7">Where can I get the source?</a></li> +<li> +<a href="#q1.8">How much does it cost?</a></li> +</ul> + +<a href="#Q2">Developer Questions</a> +<ul> +<li> +<a href="#q2.1">What hardware accelerators are supported?</a></li> +<li> +<a href="#q2.2">How do I integrate smart cards into my application using +NSS?</a></li> +<li> +<a href="#q2.3">How is NSS compatible with other Netscape products?</a></li> +<li> +<a href="#q2.4">Does NSS require Netscape Portable Runtime (NSPR)?</a></li> +<li> +<a href="#q2.5">Can I use NSS even if my application protocol isn't HTTP?</a></li> +<li> +<a href="#q2.6">How long does it take to integrate NSS into my application?</a></li> +<li> +<a href="#q2.6">How can I learn more about SSL?</a></li> +</ul> + +<a href="#Q3">Licensing Questions</a> +<ul> +<li> +<a href="#q3.1">How is NSS licensed?</a> +<li> +<a href="#q3.2">Is NSS available outside the United States?</a></li> +</ul> +<h2> + <a NAME="Q1"><hr WIDTH="100%"></a>General Questions</h2> +<a NAME="Q1.1"></a><H4>What is Network Security Services (NSS)?</h4> +<P>NSS is set of libraries, APIs, utilities, and documentation designed +to support cross-platform development of security-enabled client and +server applications. It provides a complete open-source implementation +of the crypto libraries used by Netscape and other companies in the +Netscape 6 browser, server products from iPlanet E-Commerce Solutions, the +Gateway Connected Touch Pad with Instant AOL, and other products. + +<p>For an +overview of NSS, see <a href="overview.html">Overview of NSS</a>. For detailed information +on the open-source NSS project, see <a href="index.html">NSS Project Page</a>. + +<br> +<a NAME="Q1.2"></a><H4>What can I do with NSS? Is NSS appropriate for +my application?</h4> +<P>If you want add support for SSL, S/MIME, or other Internet security standards +to your application, you can use Network Security Services (NSS) to do so. Because +NSS provides complete support for all versions of SSL and TLS, it is particularly well-suited +for applications that need to communicate with the many clients and servers +that already support the SSL protocol. +<p>The PKCS #11 interface included in NSS means that your application can +use <a href="#q2.1">hardware accelerators</a> on the server and <a href="#q2.2">smart +cards</a> for two-factor authentication. +<br> + + <a NAME="q1.2a"></a><H4>How does NSS compare to OpenSSL?</h4> + +<a href="http://www.openssl.org/">OpenSSL</a> is an open source project that implements server-side SSL, +TLS, and a general-purpose cryptography library. It does not support PKCS #11. It is based on +the SSLeay library developed by Eric A. Young and Tim J. Hudson. OpenSSL is widely used in +Apache servers and is licensed under an Apache-style licence. + +<p>NSS supports both server and client applications as well as PKCS #11 and S/MIME. To permit its use +in as many contexts as possible, +NSS is triple-licensed under the <a href="../../../../MPL/">Mozilla Public License</a>, the +<a href="http://www.gnu.org/copyleft/gpl.html">GNU General Public License</a>, +and the <a href="http://www.gnu.org/copyleft/lesser.html">GNU Lesser General Public License</a>. +You may choose to use the code either under the terms of the MPL or the GPL or the LGPL. + +<a NAME="q1.3"></a><H4>How does NSS compare to SSLRef?</h4> +SSLRef was an early reference implementation of the SSL protocol. It contains +bugs that were never fixed, doesn't support TLS or or the +new 56-bit export cipher suites, and does not contain the fix to the +Bleichenbacher attack on PKCS#1. + +<p>Netscape no longer maintains SSLRef or makes it available. It was built as +an example of an SSL implementation, not for creating production applications. + +<p>NSS was designed from the ground up for use by commercial developers. +It provides a complete software development kit +that uses the same architecture used to support security features in many client +and server products from Netscape and other companies. + +<a NAME="q1.4"></a><H4>What platforms and development environments are supported?</h4> +<P>iPlanet E-Commerce Solutions has certified NSS 3.1 on 18 platforms, including AIX 4.3, HP-UX 11.0, +Red Hat Linux 6.0, Solaris (2.6 or later), Windows NT (4.0 or later), and +Windows 2000. Other contributors are in the process of certifying additional platforms. +The NSS 3.1 API requires C or C++ development environments. + +<p>For the latest NSS release notes and detailed platform information, see +<a href="release_notes_31.html">NSS 3.1 Release Notes</a>. + +<a NAME="q1.5"></a><H4>What cryptography standards does NSS support?</h4> +<P>NSS supports <a HREF="../../../docs/jargon.html#SSL">SSL v2 and v3</a>, + <a HREF="../../../../docs/jargon.html#TLS">TLS</a>, + <a HREF="../../../../docs/jargon.html#PKCS5">PKCS #5</a>, + <a HREF="../../../../docs/jargon.html#PKCS7">PKCS #7</a>, + <a HREF="../../../../docs/jargon.html#PKCS11">PKCS #11</a>, + <a HREF="../../../../docs/jargon.html#PKCS12">PKCS #12</a>, + <a HREF="../../../../docs/jargon.html#SMIME">S/MIME</a>, and + <a HREF="../../../../docs/jargon.html#X.509">X.509 v3</a> certificates. +For complete details, +see <a href="nss-3.11/nss-3.11-algorithms.html"> +Encryption Technologies</a>. + +<a NAME="q1.6"></a><H4>What is the relationship between NSS and PSM?</H4> + +Personal Security Manager (PSM) is built on top of NSS. It consists of libraries +and a daemon designed to support cross-platform development of security-enabled +client applications. The PSM binary provides a client module +that performs cryptographic operations on behalf of applications. +Netscape Personal Security Manager ships with Netscape 6 and the Gateway Connected Touch Pad with Instant AOL, +and is also available for use with Communicagotr 4.7x. + +<p>For more information about the PSM open-source project, see <a href="../psm">Personal Security Manager</a>. + +<a NAME="q1.7"></a><H4>Where can I get the source code?</H4> + +For instructions on how to check out and build the NSS 3.1 source code, see +<a href="buildnss_31.html">Build Instructions for NSS 3.1.</a> The source code may also +be downloaded as a tar file from +<a href="ftp://ftp.mozilla.org/pub/mozilla.org/security/">ftp://ftp.mozilla.org/pub/mozilla.org/security/</a>. + +<a NAME="q1.8"></a><H4>How much does it cost?</H4> + +NSS source code and binaries (when they become available) are completely free. No license fees, +no royalty fees, no subscription fees. + + +<a NAME="Q2"><h2> +<hr WIDTH="100%"></a>Developer Questions</h2> + +<a NAME="q2.1"></a><H4>What hardware accelerators are supported?</h4> +<P>NSS supports the PKCS #11 interface for hardware acceleration. Since leading accelerator vendors such as +Chrysalis-IT, nCipher, and Rainbow Technologies also support this interface, NSS-enabled applications +can support a wide variety of hardware accelerators. +<a NAME="q2.2"></a><H4>How do I integrate smart cards into my application using +NSS?</h4> +<P>NSS supports the PKCS #11 interface for smart card integration. Applications that use the PKCS #11 +interface provided by NSS will therefore support smart cards from leading vendors such as +ActiveCard, Litronic, and SecureID Technologies that also support the PKCS #11 interface. + +<a NAME="q2.3"></a><H4>How is NSS compatible with other Netscape products?</h4> +<P>NSS provides tight integration with other Netscape products in two ways. +First, by using NSS to implement SSL and TLS, you can support SSL communications +with all products from Netscape and all other vendors +that support SSL<FONT color="#CC0000"> and TLS.</FONT> Second, NSS makes it easy +to share certificates between Netscape client and server products +and your application. + +<a NAME="q2.4"></a><H4>Does NSS require Netscape Portable Runtime (NSPR)?</h4> +<P>To provide cross-platform support, NSS utilizes Netscape Portable Runtime +(NSPR) libraries as a portability interface and implementation that +provides consistent cross-platform semantics for network I/O and threading +models. You can use NSPR throughout your application or +only in the portion that calls into NSS. Netscape strongly recommends that +multithreaded applications use the NSPR or native OS threading model. (In +recent NSPR releases, the NSPR threading model is compatible with the native +threading model if the OS has native threads.) Alternatively, you can adapt +the open-source NSPR implementation to be compatible with your existing +application's threading models. More information about NSPR may be found at +<a href="http://www.mozilla.org/projects/nspr/">Netscape Portable Runtime</a>. +<br> + +<a NAME="q2.5"></a><H4>Can I use NSS even if my application protocol isn't +HTTP?</h4> +<P>Yes, SSL independent of application protocols. It works with common +Internet standard application protocols (HTTP, POP3, FTP, SMTP, etc.) as +well as custom application protocols using TCP/IP. + +<br> +<a NAME="q2.6"></a><H4>How long does it take to integrate NSS into my application?</h4> +<P>The integration effort depends on an number of factors, such as developer +skill set, application complexity, and the level of security required for +your application. NSS includes detailed documentation of the SSL API and +sample code that demonstrates basic SSL functionality (setting up an encrypted +session, server authentication, and client authentication) to help jump start the +integration process. However, there is little or no documentation currently +available for the rest of the NSS API. If your application requires sophisticated +certificate management, smart card support, or hardware acceleration, your +integration effort will be more extensive. + +<a NAME="q2.7"></a><H4> Where can I download the NSS tools?</h4> + +Currently, you must download the NSS source and build it to create binary files for the NSS tools. +For more information, see <A HREF="tools/">NSS Tools</A>. + + +<a NAME="q2.8"></a><H4>How can I learn more about SSL?</h4> + +NSS provides extensive documentation related to SSL, including high-level introductions, +detailed API documentation, sample code for simple client and server +applications, the original SSL 3.0 specification, and +information on debugging SSL applications. For details, see the +<a href="ssl/">SSL/TLS Project Page</a>. For information about the NSS tools, including those used +for debugging SSL applications, see <a href="http://www.mozilla.org/projects/security/pki/nss/tools/"> +NSS Security Tools</a>. + +<a NAME="Q3"><h2> +<hr WIDTH="100%"></a>Licensing Questions</h2> +<H4><a NAME="q3.1"></a>How is NSS licensed?</h4> +<P>NSS is triple-licensed under the <a href="../../../../MPL/">Mozilla Public License</a>, the +<a href="http://www.gnu.org/copyleft/gpl.html">GNU General Public License</a>, +and the <a href="http://www.gnu.org/copyleft/lesser.html">GNU Lesser General Public License</a>. +For more details, see the <a href="http://www.mozilla.org/crypto-faq.html#1-3">Mozilla Crypto FAQ</a>. + +<a NAME="q3.2"></a><H4>Is NSS available outside the United States?</h4> +<P>Yes; see +<a href="buildnss_31.html">Build Instructions for NSS 3.1.</a> and +<a href="ftp://ftp.mozilla.org/pub/mozilla.org/security/">ftp://ftp.mozilla.org/pub/mozilla.org/security/</a>. +However, NSS source code is subject to the U.S. Export +Administration Regulations and other U.S. law, and may not be exported or +re-exported to certain +countries (currently Cuba, Iran, Libya, North Korea, Sudan and Syria) or +to persons or entities prohibited from receiving U.S. exports (including +those (a) on the Bureau of Industry and Security Denied Parties List or +Entity List, (b) on the Office of Foreign Assets Control list of Specially +Designated Nationals and Blocked Persons, and (c) involved with missile +technology or nuclear, chemical or biological weapons). + +<p>For more information about U.S. export controls on encryption software, +see the <a href="http://www.mozilla.org/crypto-faq.html">Mozilla Crypto FAQ</a>. + + + + + +<hr class="hide"> +</div> +</div> +<div id="footer"> +<ul> +<li><a href="../../../../support/">Support Options</a></li> +<li><a href="../../../../security/">Security Center</a></li> +<li><a href="../../../../privacy-policy.html">Privacy Policy</a></li> +<li><a href="../../../../contact/">Contact Us</a></li> +</ul> +<p class="affiliates">International Affiliates: <a href="http://www.mozilla-europe.org/">Mozilla Europe</a> - <a +href="http://mozilla.jp/">Mozilla Japan</a> - <a href="http://www.mozillaonline.com/">Mozilla China</a></p> +<p class="copyright"> +Portions of this content are © 1998–2009 by individual mozilla.org contributors<br> +Content available under a Creative Commons <a href="http://www.mozilla.org/foundation/licensing/website-content.html">license</a></p> +<p> +<span>Last modified July 12, 2007</span> +<span><a href="http://bonsai-www.mozilla.org/cvslog.cgi?file=mozilla-org/html/projects/security/pki/nss/faq.html&rev=&root=/www/">Document History</a></span> +<span><a href="https://doctor.mozilla.org/?action=edit&file=mozilla-org/html/projects/security/pki/nss/faq.html">Edit this Page</a></span> <span>(or <a href="/contribute/writing/cvs">via CVS</a>)</span> +</p> +</div> +</div> +</body> +</html> |