Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 913
  • Last Modified:

Enabling FIPS in Firefox prevents NTLM authentication?

In an NTLM authentication handshake, first the browser tries to access the server and gets a 401 Unauthorized response with a WWW-Authenticate header of "NTLM."  The browser can then optionally respond by sending an NTLM Type-1 message to initiate the NTLM handshake.  Normally, Firefox exercises this option, prompts me for a username and password and authenticates just fine.  But I find that when I enable the FIPS security device rather than the default Software Security Device, Firefox will neglect to respond to the initial 401 response with a Type-1 NTLM message and I just get a blank white screen.  Does anyone know why this is or how to get around it?
0
Ditchdigger
Asked:
Ditchdigger
1 Solution
 
DitchdiggerAuthor Commented:
Nevermind, I found the solution by poring over the Firefox source code.  Turns out Firefox decides NTLM is not secure enough to be FIPS-compliant, so when FIPS is on it refuses to use NTLM authentication.  Oh well, back to the drawing board.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now