In an NTLM authentication handshake, first the browser tries to access the server and gets a 401 Unauthorized response with a WWW-Authenticate header of "NTLM." The browser can then optionally respond by sending an NTLM Type-1 message to initiate the NTLM handshake. Normally, Firefox exercises this option, prompts me for a username and password and authenticates just fine. But I find that when I enable the FIPS security device rather than the default Software Security Device, Firefox will neglect to respond to the initial 401 response with a Type-1 NTLM message and I just get a blank white screen. Does anyone know why this is or how to get around it?