1 diff -up openssl-1.0.0-beta5/README.warning openssl-1.0.0-beta5/README
2 --- openssl-1.0.0-beta5/README.warning 2010-01-20 16:00:47.000000000 +0100
3 +++ openssl-1.0.0-beta5/README 2010-01-21 09:06:11.000000000 +0100
5 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
11 + This version of OpenSSL is built in a way that supports operation in
12 + the so called FIPS mode. Note though that the library as we build it
13 + is not FIPS validated and the FIPS mode is present for testing purposes
16 + This version also contains a few differences from the upstream code
18 + * There are added changes forward ported from the upstream OpenSSL
19 + 0.9.8 FIPS branch however the FIPS integrity verification check
20 + is implemented differently from the upstream FIPS validated OpenSSL
21 + module. It verifies HMAC-SHA256 checksum of the whole shared
22 + libraries. For this reason the changes are ported to files in the
23 + crypto directory and not in a separate fips subdirectory. Also
24 + note that the FIPS integrity verification check requires unmodified
25 + libcrypto and libssl shared library files which means that it will
26 + fail if these files are modified for example by prelink.
27 + * The module respects the kernel FIPS flag /proc/sys/crypto/fips and
28 + tries to initialize the FIPS mode if it is set to 1 aborting if the
29 + FIPS mode could not be initialized. It is also possible to force the
30 + OpenSSL library to FIPS mode especially for debugging purposes by
31 + setting the environment variable OPENSSL_FORCE_FIPS_MODE.
32 + * If the environment variable OPENSSL_NO_DEFAULT_ZLIB is set the module
33 + will not automatically load the built in compression method ZLIB
34 + when initialized. Applications can still explicitely ask for ZLIB