Commit | Line | Data |
---|---|---|
0595faf5 MT |
1 | diff -up openssl-1.0.0-beta5/README.warning openssl-1.0.0-beta5/README |
2 | --- openssl-1.0.0-beta5/README.warning 2010-01-20 16:00:47.000000000 +0100 | |
3 | +++ openssl-1.0.0-beta5/README 2010-01-21 09:06:11.000000000 +0100 | |
4 | @@ -5,6 +5,35 @@ | |
5 | Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson | |
6 | All rights reserved. | |
7 | ||
8 | + WARNING | |
9 | + ------- | |
10 | + | |
11 | + This version of OpenSSL is built in a way that supports operation in | |
12 | + the so called FIPS mode. Note though that the library as we build it | |
13 | + is not FIPS validated and the FIPS mode is present for testing purposes | |
14 | + only. | |
15 | + | |
16 | + This version also contains a few differences from the upstream code | |
17 | + some of which are: | |
18 | + * There are added changes forward ported from the upstream OpenSSL | |
19 | + 0.9.8 FIPS branch however the FIPS integrity verification check | |
20 | + is implemented differently from the upstream FIPS validated OpenSSL | |
21 | + module. It verifies HMAC-SHA256 checksum of the whole shared | |
22 | + libraries. For this reason the changes are ported to files in the | |
23 | + crypto directory and not in a separate fips subdirectory. Also | |
24 | + note that the FIPS integrity verification check requires unmodified | |
25 | + libcrypto and libssl shared library files which means that it will | |
26 | + fail if these files are modified for example by prelink. | |
27 | + * The module respects the kernel FIPS flag /proc/sys/crypto/fips and | |
28 | + tries to initialize the FIPS mode if it is set to 1 aborting if the | |
29 | + FIPS mode could not be initialized. It is also possible to force the | |
30 | + OpenSSL library to FIPS mode especially for debugging purposes by | |
31 | + setting the environment variable OPENSSL_FORCE_FIPS_MODE. | |
32 | + * If the environment variable OPENSSL_NO_DEFAULT_ZLIB is set the module | |
33 | + will not automatically load the built in compression method ZLIB | |
34 | + when initialized. Applications can still explicitely ask for ZLIB | |
35 | + compression method. | |
36 | + | |
37 | DESCRIPTION | |
38 | ----------- | |
39 |
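Review bot: The two environment-variable bullets (added lines 29-35) say only that OPENSSL_FORCE_FIPS_MODE and OPENSSL_NO_DEFAULT_ZLIB are "set", without stating whether the value matters or whether an empty value counts. Since one of them changes whether the library enters FIPS mode, spell out the accepted values and say whether the variables are honored in setuid/setgid processes. In the kernel flag bullet (added lines 27-28), check the path "/proc/sys/crypto/fips" against the file the code actually opens; the Linux kernel exposes this flag as fips_enabled in that directory. The same bullet says the module aborts when FIPS mode cannot be initialized, so it would help to note that this affects every application linking the library on a host with the flag set to 1, including when the integrity check fails because prelink modified libcrypto or libssl as described in the first bullet. Minor: "explicitely" on added line 34 should be "explicitly", and "so called" on line 12 should be "so-called".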