1NSS-POLICY-CHECK(1)           NSS Security Tools           NSS-POLICY-CHECK(1)
2
3
4

NAME

6       nss-policy-check - nss-policy-check policy-file
7

SYNOPSIS

9       nss-policy-check
10

DESCRIPTION

12       nss-policy-check verifies crypto-policy configuration that controls
13       certain crypto algorithms are allowed/disallowed to use in the NSS
14       library.
15
16       The crypto-policy configuration can be stored in either a system-wide
17       configuration file, specified with the POLICY_PATH and POLICY_FILE
18       build options, or in the pkcs11.txt in NSS database.
19

USAGE AND EXAMPLES

21       To check the global crypto-policy configuration in
22       /etc/crypto-policies/back-ends/nss.config:
23
24           $ nss-policy-check /etc/crypto-policies/back-ends/nss.config
25           NSS-POLICY-INFO: LOADED-SUCCESSFULLY
26           NSS-POLICY-INFO: PRIME256V1 is enabled for KX
27           NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
28           NSS-POLICY-INFO: SECP256R1 is enabled for KX
29           NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
30           NSS-POLICY-INFO: SECP384R1 is enabled for KX
31           NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
32           ...
33           NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 13
34           NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9
35           NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 9
36           ...
37           NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
38           NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
39           NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
40           ...
41           NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 24
42           NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 3
43           NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 2
44
45
46       If there is a failure or warning, it will be prefixed with
47       NSS-POLICY-FAIL or NSS-POLICY_WARN.
48
49       nss-policy-check exits with 2 if any failure is found, 1 if any warning
50       is found, or 0 if no errors are found.
51

ADDITIONAL RESOURCES

53       For information about NSS and other tools related to NSS (like JSS),
54       check out the NSS project wiki at
55       http://www.mozilla.org/projects/security/pki/nss/. The NSS site relates
56       directly to NSS code changes and releases.
57
58       Mailing lists: https://lists.mozilla.org/listinfo/dev-tech-crypto
59
60       IRC: Freenode at #dogtag-pki
61

AUTHORS

63       The NSS tools were written and maintained by developers with Netscape,
64       Red Hat, Sun, Oracle, Mozilla, and Google.
65
66       Authors: Elio Maldonado <emaldona@redhat.com>, Deon Lackey
67       <dlackey@redhat.com>.
68

LICENSE

70       Licensed under the Mozilla Public License, v. 2.0. If a copy of the MPL
71       was not distributed with this file, You can obtain one at
72       http://mozilla.org/MPL/2.0/.
73
74
75
76nss-tools 3.44.0                  Nov 13 2013              NSS-POLICY-CHECK(1)
Impressum