summaryrefslogtreecommitdiffstats
path: root/source/l/mozilla-nss/faq.html
blob: 176fe8f883b6c5b0391fdf0bea2eb00bfa67a0fd (about) (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<link rel="top" title="Home" href="http://www.mozilla.org/">
<link rel="stylesheet" type="text/css" href="../../../../css/print.css"  media="print">
<link rel="stylesheet" type="text/css" href="../../../../css/base/content.css"  media="all">
<link rel="stylesheet" type="text/css" href="../../../../css/cavendish/content.css" title="Cavendish" media="screen">
<link rel="stylesheet" type="text/css" href="../../../../css/base/template.css"  media="screen">
<link rel="stylesheet" type="text/css" href="../../../../css/cavendish/template.css" title="Cavendish" media="screen">
<link rel="icon" href="../../../../images/mozilla-16.png" type="image/png">

<TITLE>NSS FAQ</TITLE>
<script src="../../../../__utm.js" type="text/javascript"></script>
</head>
<body id="www-mozilla-org" class="secondLevel sectionDevelopers">
<div id="container">
<p class="skipLink"><a href="#mainContent" accesskey="2">Skip to main content</a></p>
<div id="header">
<h1><a href="/" title="Return to home page" accesskey="1">Mozilla</a></h1>
<ul>
<li id="menu_aboutus"><a href="../../../../about/" title="Learn more about Mozilla">About</a></li>
<li id="menu_foundation"><a href="../../../../foundation/" title="Information about the non-profit Mozilla Foundation">Foundation</a></li>
<li id="menu_contribute"><a href="../../../../contribute/" title="Find out how to get involved with Mozilla">Contribute</a></li>
<li id="menu_community"><a href="../../../../community/" title="List of community sites and other resources">Community</a></li>
<li id="menu_developers"><a href="../../../../developer/" title="Resources and links for developers">Developers</a></li>
<li id="menu_projects"><a href="../../../../projects/" title="Projects being created by the Mozilla community">Projects</a></li>
</ul>
<form id="searchbox_002443141534113389537:ysdmevkkknw" action="http://www.google.com/cse" title="mozilla.org Search">
<div>
<label for="q" title="Search mozilla.org's sites">search mozilla:</label>
<input type="hidden" name="cx" value="002443141534113389537:ysdmevkkknw">
<input type="hidden" name="cof" value="FORID:0">
<input type="text" id="q" name="q" accesskey="s" size="30">
<input type="submit" id="submit" value="Go">
</div>
</form>
</div>
<hr class="hide">
<div id="mBody">
<div id="side">

<ul id="nav">
<li><a title="Roadmap" href="../../../../roadmap.html"><strong> Roadmap</strong></a></li>
<li><a title="Projects" href="../../../../projects/"><strong> Projects</strong></a></li>
<li><a title="For developers" href="../../../../developer/"><strong> Coding</strong></a>
<ul>
<li><a title="Module Owners" href="../../../../owners.html"> Module Owners</a></li>
<li><a title="Hacking" href="../../../../hacking/"> Hacking</a></li>
<li><a title="Get the Source" href="http://developer.mozilla.org/en/docs/Download_Mozilla_Source_Code"> Get the Source</a></li>
<li><a title="Building Mozilla" href="http://developer.mozilla.org/en/docs/Build_Documentation"> Build It</a></li>
</ul>
</li>
<li><a title="Testing" href="http://quality.mozilla.org/"><strong> Testing</strong></a>
<ul>
<li><a title="Downloads of mozilla.org software releases" href="../../../../download.html"> Releases</a></li>
<li><a title="Latest mozilla builds for testers" href="../../../../developer/#builds"> Nightly Builds</a></li>
<li><a title="For testers to report bugs" href="https://bugzilla.mozilla.org/"> Report A Problem</a></li>
</ul>
</li>
<li><a title="Tools for mozilla developers" href="../../../../tools.html"><strong> Tools</strong></a>
<ul>
<li><a title="Bug tracking system for mozilla testers." href="https://bugzilla.mozilla.org/"> Bugzilla</a></li>
<li><a title="Latest status of mozilla builds" href="http://tinderbox.mozilla.org/showbuilds.cgi?tree=Firefox"> Tinderbox</a></li>
<li><a title="Latest checkins" href="http://bonsai.mozilla.org/cvsqueryform.cgi"> Bonsai</a></li>
<li><a title="Source cross reference" href="http://mxr.mozilla.org/"> MXR</a></li>
</ul>
</li>
<li><a title="Frequently Asked Questions." href="../../../../faq.html"><strong> FAQs</strong></a></li>
</ul>

</div>
<hr class="hide">
<div id="mainContent">




<center>
<h2>NSS FAQ</h2>
<i><FONT SIZE="-1">

Newsgroup: 
<A HREF="news://news.mozilla.org/mozilla.dev.tech.crypto">mozilla.dev.tech.crypto</A>

</FONT></i>
</center>

<p>
<hr>
<p>

<a href="#Q1">General Questions</a>

<ul>
<li>
<a href="#Q1.1">What is Network Security Services (NSS)?</a></li>
<li>
<a href="#Q1.2">What can I do with NSS? Is NSS appropriate for my application?</a></li>
<li>
<a href="#q1.2a">How does NSS compare to OpenSSL?</a></li>
<li>
<a href="#q1.3">How does NSS compare to SSLRef?</a></li>
<li>
<a href="#q1.4">What platforms and development environments are supported?</a></li>
<li>
<a href="#q1.5">What cryptography standards are supported?</a></li>
<li>
<a href="#q1.7">What is the relationship between NSS and PSM?</a></li>
<li>
<a href="#q1.7">Where can I get the source?</a></li>
<li>
<a href="#q1.8">How much does it cost?</a></li>
</ul>

<a href="#Q2">Developer Questions</a>
<ul>
<li>
<a href="#q2.1">What hardware accelerators are supported?</a></li>
<li>
<a href="#q2.2">How do I integrate smart cards into my application using
NSS?</a></li>
<li>
<a href="#q2.3">How is NSS compatible with other Netscape products?</a></li>
<li>
<a href="#q2.4">Does NSS require Netscape Portable Runtime (NSPR)?</a></li>
<li>
<a href="#q2.5">Can I use NSS even if my application protocol isn't HTTP?</a></li>
<li>
<a href="#q2.6">How long does it take to integrate NSS into my application?</a></li>
<li>
<a href="#q2.6">How can I learn more about SSL?</a></li>
</ul>

<a href="#Q3">Licensing Questions</a>
<ul>
<li>
<a href="#q3.1">How is NSS licensed?</a>
<li>
<a href="#q3.2">Is NSS available outside the United States?</a></li>
</ul>
<h2>
 <a NAME="Q1"><hr WIDTH="100%"></a>General Questions</h2>
<a NAME="Q1.1"></a><H4>What is Network Security Services (NSS)?</h4>
<P>NSS is set of libraries, APIs, utilities, and documentation designed 
to support cross-platform development of security-enabled client and 
server applications. It provides a complete open-source implementation 
of the crypto libraries used by Netscape and other companies in the 
Netscape 6 browser, server products from iPlanet E-Commerce Solutions, the 
Gateway Connected Touch Pad with Instant AOL, and other products. 

<p>For an
overview of NSS, see <a href="overview.html">Overview of NSS</a>. For detailed information 
on the open-source NSS project, see <a href="index.html">NSS Project Page</a>.
   
<br> 
<a NAME="Q1.2"></a><H4>What can I do with NSS?  Is NSS appropriate for
my application?</h4>
<P>If you want add support for SSL, S/MIME, or other Internet security standards 
to your application, you can use Network Security Services (NSS) to do so. Because 
NSS provides complete support for all versions of SSL and TLS, it is particularly well-suited
for applications that need to communicate with the many clients and servers
that already support the SSL protocol. 
<p>The PKCS #11 interface included in NSS means that your application can
use <a href="#q2.1">hardware accelerators</a>  on the server and <a href="#q2.2">smart
cards</a> for two-factor authentication.
<br> 

 <a NAME="q1.2a"></a><H4>How does NSS compare to OpenSSL?</h4>

<a href="http://www.openssl.org/">OpenSSL</a> is an open source project that implements server-side SSL, 
TLS, and a general-purpose cryptography library. It does not support PKCS #11. It is based on 
the SSLeay library developed by Eric A. Young and Tim J. Hudson. OpenSSL is widely used in 
Apache servers and is licensed under an Apache-style licence.

<p>NSS supports both server and client applications as well as PKCS #11 and S/MIME. To permit its use 
in as many contexts as possible, 
NSS is triple-licensed under the <a href="../../../../MPL/">Mozilla Public License</a>, the 
<a href="http://www.gnu.org/copyleft/gpl.html">GNU General Public License</a>,
and the <a href="http://www.gnu.org/copyleft/lesser.html">GNU Lesser General Public License</a>. 
You may choose to use the code either under the terms of the MPL or the GPL or the LGPL.

<a NAME="q1.3"></a><H4>How does NSS compare to SSLRef?</h4>
SSLRef was an early reference implementation of the SSL protocol. It contains 
bugs that were never fixed, doesn't support TLS or or the 
new 56-bit export cipher suites, and does not contain the fix to the
Bleichenbacher attack on PKCS#1.

<p>Netscape no longer maintains SSLRef or makes it available. It was built as 
an example of an SSL implementation, not for creating production applications.

<p>NSS was designed from the ground up for use by commercial developers.
It provides a complete software development kit 
that uses the same architecture used to support security features in many client 
and server products from Netscape and other companies.

<a NAME="q1.4"></a><H4>What platforms and development environments are supported?</h4>
<P>iPlanet E-Commerce Solutions has certified NSS 3.1 on 18 platforms, including AIX 4.3, HP-UX 11.0, 
Red Hat Linux 6.0, Solaris (2.6 or later), Windows NT (4.0 or later), and
Windows 2000. Other contributors are in the process of certifying additional platforms. 
The NSS 3.1 API requires C or C++ development environments. 

<p>For the latest NSS release notes and detailed platform information, see 
<a href="release_notes_31.html">NSS 3.1 Release Notes</a>.

<a NAME="q1.5"></a><H4>What cryptography standards does NSS support?</h4>
<P>NSS supports <a HREF="../../../docs/jargon.html#SSL">SSL v2 and v3</a>, 
	<a HREF="../../../../docs/jargon.html#TLS">TLS</a>,
	<a HREF="../../../../docs/jargon.html#PKCS5">PKCS #5</a>, 
	<a HREF="../../../../docs/jargon.html#PKCS7">PKCS #7</a>,
	<a HREF="../../../../docs/jargon.html#PKCS11">PKCS #11</a>,  
	<a HREF="../../../../docs/jargon.html#PKCS12">PKCS #12</a>, 
	<a HREF="../../../../docs/jargon.html#SMIME">S/MIME</a>, and 
	<a HREF="../../../../docs/jargon.html#X.509">X.509 v3</a> certificates. 
For complete details, 
see <a href="nss-3.11/nss-3.11-algorithms.html">
Encryption Technologies</a>.

<a NAME="q1.6"></a><H4>What is the relationship between NSS and PSM?</H4>

Personal Security Manager (PSM) is built on top of NSS. It consists of libraries 
and a daemon designed to support cross-platform development of security-enabled 
client applications. The PSM binary provides a client module 
that performs cryptographic operations on behalf of applications. 
Netscape Personal Security Manager ships with Netscape 6 and the Gateway Connected Touch Pad with Instant AOL, 
and is also available for use with Communicagotr 4.7x. 

<p>For more information about the PSM open-source project, see <a href="../psm">Personal Security Manager</a>.

<a NAME="q1.7"></a><H4>Where can I get the source code?</H4>

For instructions on how to check out and build the NSS 3.1 source code, see 
<a href="buildnss_31.html">Build Instructions for NSS 3.1.</a> The source code may also 
be downloaded as a tar file from 
<a href="ftp://ftp.mozilla.org/pub/mozilla.org/security/">ftp://ftp.mozilla.org/pub/mozilla.org/security/</a>.

<a NAME="q1.8"></a><H4>How much does it cost?</H4>

NSS source code and binaries (when they become available) are completely free. No license fees, 
no royalty fees, no subscription fees. 


<a NAME="Q2"><h2>
<hr WIDTH="100%"></a>Developer Questions</h2>

<a NAME="q2.1"></a><H4>What hardware accelerators are supported?</h4>
<P>NSS supports the PKCS #11 interface for hardware acceleration. Since leading accelerator vendors such as 
Chrysalis-IT, nCipher, and Rainbow Technologies also support this interface, NSS-enabled applications 
can support a wide variety of hardware accelerators.
<a NAME="q2.2"></a><H4>How do I integrate smart cards into my application using
NSS?</h4>
<P>NSS supports the PKCS #11 interface for smart card integration. Applications that use the PKCS #11 
interface provided by NSS will therefore support smart cards from leading vendors such as 
ActiveCard, Litronic, and SecureID Technologies that also support the PKCS #11 interface.

<a NAME="q2.3"></a><H4>How is NSS compatible with other Netscape products?</h4>
<P>NSS provides tight integration with other Netscape products in two ways.
First, by using NSS to implement SSL and TLS, you can support SSL communications
with all products from Netscape and all other vendors
that support SSL<FONT color="#CC0000"> and TLS.</FONT> Second, NSS makes it easy 
to share certificates between Netscape client and server products
and your application.

<a NAME="q2.4"></a><H4>Does NSS require Netscape Portable Runtime (NSPR)?</h4>
<P>To provide cross-platform support, NSS utilizes Netscape Portable Runtime
(NSPR) libraries as a portability interface and implementation that
provides consistent cross-platform semantics for network I/O and threading
models. You can use NSPR throughout your application or
only in the portion that calls into NSS. Netscape strongly recommends that
multithreaded applications use the NSPR or native OS threading model. (In
recent NSPR releases, the NSPR threading model is compatible with the native
threading model if the OS has native threads.) Alternatively, you can adapt
the open-source NSPR implementation to be compatible with your existing
application's threading models. More information about NSPR may be found at
<a href="http://www.mozilla.org/projects/nspr/">Netscape Portable Runtime</a>.
<br> 

<a NAME="q2.5"></a><H4>Can I use NSS even if my application protocol isn't
HTTP?</h4>
<P>Yes, SSL independent of application protocols. It works with common
Internet standard application protocols (HTTP, POP3, FTP, SMTP, etc.) as
well as custom application protocols using TCP/IP. 

<br> 
<a NAME="q2.6"></a><H4>How long does it take to integrate NSS into my application?</h4>
<P>The integration effort depends on an number of factors, such as developer
skill set, application complexity, and the level of security required for
your application. NSS includes detailed documentation of the SSL API and 
sample code that demonstrates basic SSL functionality (setting up an encrypted 
session, server authentication, and client authentication) to help jump start the 
integration process. However, there is little or no documentation currently 
available for the rest of the NSS API. If your application requires sophisticated 
certificate management, smart card support, or hardware acceleration, your 
integration effort will be more extensive.

<a NAME="q2.7"></a><H4>	Where can I download the NSS tools?</h4>

Currently, you must download the NSS source and build it to create binary files for the NSS tools. 
For more information, see <A HREF="tools/">NSS Tools</A>.


<a NAME="q2.8"></a><H4>How can I learn more about SSL?</h4>

NSS provides extensive documentation related to SSL, including high-level introductions, 
detailed API documentation, sample code for simple client and server 
applications, the original SSL 3.0 specification, and 
information on debugging SSL applications. For details, see the 
<a href="ssl/">SSL/TLS Project Page</a>. For information about the NSS tools, including those used 
for debugging SSL applications, see <a href="http://www.mozilla.org/projects/security/pki/nss/tools/">
NSS Security Tools</a>. 

<a NAME="Q3"><h2>
<hr WIDTH="100%"></a>Licensing Questions</h2>
<H4><a NAME="q3.1"></a>How is NSS licensed?</h4>
<P>NSS is triple-licensed under the <a href="../../../../MPL/">Mozilla Public License</a>, the 
<a href="http://www.gnu.org/copyleft/gpl.html">GNU General Public License</a>,
and the <a href="http://www.gnu.org/copyleft/lesser.html">GNU Lesser General Public License</a>. 
For more details, see the <a href="http://www.mozilla.org/crypto-faq.html#1-3">Mozilla Crypto FAQ</a>.

<a NAME="q3.2"></a><H4>Is NSS available outside the United States?</h4>
<P>Yes; see 
<a href="buildnss_31.html">Build Instructions for NSS 3.1.</a> and 
<a href="ftp://ftp.mozilla.org/pub/mozilla.org/security/">ftp://ftp.mozilla.org/pub/mozilla.org/security/</a>. 
However, NSS source code is subject to the U.S. Export 
Administration Regulations and other U.S. law, and may not be exported or 
re-exported to certain
countries (currently Cuba, Iran, Libya, North Korea, Sudan and Syria) or
to persons or entities prohibited from receiving U.S. exports (including
those (a) on the Bureau of Industry and Security Denied Parties List or
Entity List, (b) on the Office of Foreign Assets Control list of Specially
Designated Nationals and Blocked Persons, and (c) involved with missile
technology or nuclear, chemical or biological weapons).

<p>For more information about U.S. export controls on encryption software, 
see the <a href="http://www.mozilla.org/crypto-faq.html">Mozilla Crypto FAQ</a>.


 


<hr class="hide">
</div>
</div>
<div id="footer">
<ul>
<li><a href="../../../../support/">Support Options</a></li>
<li><a href="../../../../security/">Security Center</a></li>
<li><a href="../../../../privacy-policy.html">Privacy Policy</a></li>
<li><a href="../../../../contact/">Contact Us</a></li>
</ul>
<p class="affiliates">International Affiliates: <a href="http://www.mozilla-europe.org/">Mozilla Europe</a> - <a
href="http://mozilla.jp/">Mozilla Japan</a> - <a href="http://www.mozillaonline.com/">Mozilla China</a></p>
<p class="copyright">
Portions of this content are &copy; 1998&#8211;2009 by individual mozilla.org contributors<br>
Content available under a Creative Commons <a href="http://www.mozilla.org/foundation/licensing/website-content.html">license</a></p>
<p>
<span>Last modified July 12,  2007</span>
<span><a href="http://bonsai-www.mozilla.org/cvslog.cgi?file=mozilla-org/html/projects/security/pki/nss/faq.html&amp;rev=&amp;root=/www/">Document History</a></span>
<span><a href="https://doctor.mozilla.org/?action=edit&amp;file=mozilla-org/html/projects/security/pki/nss/faq.html">Edit this Page</a></span> <span>(or <a href="/contribute/writing/cvs">via CVS</a>)</span>
</p>
</div>
</div>
</body>
</html>