aboutsummaryrefslogtreecommitdiffstats
path: root/lib/crypto/doc/src/crypto_app.xml
diff options
context:
space:
mode:
authorDániel Szoboszlay <[email protected]>2014-05-13 10:39:36 +0200
committerMagnus Henoch <[email protected]>2016-09-28 15:09:42 +0100
commitcbc937f1c16964669a6d4865aeda2fcdeef9df0f (patch)
tree74a65eafb13b6a271fec4730fe6f09356fe40d73 /lib/crypto/doc/src/crypto_app.xml
parentb6c83354ac6c3d37dd5f9891932302e4104606eb (diff)
downloadotp-cbc937f1c16964669a6d4865aeda2fcdeef9df0f.tar.gz
otp-cbc937f1c16964669a6d4865aeda2fcdeef9df0f.tar.bz2
otp-cbc937f1c16964669a6d4865aeda2fcdeef9df0f.zip
Document FIPS mode support
Diffstat (limited to 'lib/crypto/doc/src/crypto_app.xml')
-rw-r--r--lib/crypto/doc/src/crypto_app.xml24
1 files changed, 22 insertions, 2 deletions
diff --git a/lib/crypto/doc/src/crypto_app.xml b/lib/crypto/doc/src/crypto_app.xml
index 2b9e505988..a958bdfcb7 100644
--- a/lib/crypto/doc/src/crypto_app.xml
+++ b/lib/crypto/doc/src/crypto_app.xml
@@ -41,14 +41,34 @@
<section>
<title>DEPENDENCIES</title>
- <p>The current crypto implementation uses nifs to interface OpenSSLs crypto library
- and requires <em>OpenSSL</em> package version 0.9.8 or higher.</p>
+ <p>The current crypto implementation uses nifs to interface
+ OpenSSLs crypto library and requires <em>OpenSSL</em> package
+ version 0.9.8 or higher. FIPS mode support requires at least
+ version 1.0.1 and a FIPS capable OpenSSL installation.</p>
+
<p>Source releases of OpenSSL can be downloaded from the <url href="http://www.openssl.org">OpenSSL</url> project home page,
or mirror sites listed there.
</p>
</section>
<section>
+ <title>CONFIGURATION</title>
+ <p>The following configuration parameters are defined for the
+ crypto application. See <c>app(3)</c> for more information about
+ configuration parameters.</p>
+ <taglist>
+ <tag><c>fips_mode = boolean()</c></tag>
+ <item>
+ <p>Specifies whether to run crypto in FIPS mode. This setting
+ will take effect when the nif module is loaded. If FIPS mode
+ is requested but not available at run time the nif module and
+ thus the crypto module will fail to load. This mechanism
+ prevents the accidental use of non-validated algorithms.</p>
+ </item>
+ </taglist>
+ </section>
+
+ <section>
<title>SEE ALSO</title>
<p>application(3)</p>
</section>