diff options
author | Hans Nilsson <[email protected]> | 2016-10-11 16:01:24 +0200 |
---|---|---|
committer | Hans Nilsson <[email protected]> | 2016-10-11 16:01:24 +0200 |
commit | fec3e5165d2583969770114cc14d0e39a422d61a (patch) | |
tree | f6e8dff23a24e3ba32a05af739ef28220aecd6ca /lib/crypto/doc/src/crypto_app.xml | |
parent | 301c8e78a1445c0d0080fdb758a3b9e8140fb626 (diff) | |
parent | 0411d5492319a5bc555247a3f783aaa421b4f31c (diff) | |
download | otp-fec3e5165d2583969770114cc14d0e39a422d61a.tar.gz otp-fec3e5165d2583969770114cc14d0e39a422d61a.tar.bz2 otp-fec3e5165d2583969770114cc14d0e39a422d61a.zip |
Merge branch 'legoscia/ssl_in_fips_mode/PR-1180/OTP-13921'
Conflicts:
lib/crypto/c_src/crypto.c
lib/ssl/src/ssl_cipher.erl
Diffstat (limited to 'lib/crypto/doc/src/crypto_app.xml')
-rw-r--r-- | lib/crypto/doc/src/crypto_app.xml | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/lib/crypto/doc/src/crypto_app.xml b/lib/crypto/doc/src/crypto_app.xml index 2b9e505988..a958bdfcb7 100644 --- a/lib/crypto/doc/src/crypto_app.xml +++ b/lib/crypto/doc/src/crypto_app.xml @@ -41,14 +41,34 @@ <section> <title>DEPENDENCIES</title> - <p>The current crypto implementation uses nifs to interface OpenSSLs crypto library - and requires <em>OpenSSL</em> package version 0.9.8 or higher.</p> + <p>The current crypto implementation uses nifs to interface + OpenSSLs crypto library and requires <em>OpenSSL</em> package + version 0.9.8 or higher. FIPS mode support requires at least + version 1.0.1 and a FIPS capable OpenSSL installation.</p> + <p>Source releases of OpenSSL can be downloaded from the <url href="http://www.openssl.org">OpenSSL</url> project home page, or mirror sites listed there. </p> </section> <section> + <title>CONFIGURATION</title> + <p>The following configuration parameters are defined for the + crypto application. See <c>app(3)</c> for more information about + configuration parameters.</p> + <taglist> + <tag><c>fips_mode = boolean()</c></tag> + <item> + <p>Specifies whether to run crypto in FIPS mode. This setting + will take effect when the nif module is loaded. If FIPS mode + is requested but not available at run time the nif module and + thus the crypto module will fail to load. This mechanism + prevents the accidental use of non-validated algorithms.</p> + </item> + </taglist> + </section> + + <section> <title>SEE ALSO</title> <p>application(3)</p> </section> |