aboutsummaryrefslogtreecommitdiffstats
path: root/lib/crypto/doc/src/crypto_app.xml
diff options
context:
space:
mode:
authorHans Nilsson <[email protected]>2016-10-11 16:01:24 +0200
committerHans Nilsson <[email protected]>2016-10-11 16:01:24 +0200
commitfec3e5165d2583969770114cc14d0e39a422d61a (patch)
treef6e8dff23a24e3ba32a05af739ef28220aecd6ca /lib/crypto/doc/src/crypto_app.xml
parent301c8e78a1445c0d0080fdb758a3b9e8140fb626 (diff)
parent0411d5492319a5bc555247a3f783aaa421b4f31c (diff)
downloadotp-fec3e5165d2583969770114cc14d0e39a422d61a.tar.gz
otp-fec3e5165d2583969770114cc14d0e39a422d61a.tar.bz2
otp-fec3e5165d2583969770114cc14d0e39a422d61a.zip
Merge branch 'legoscia/ssl_in_fips_mode/PR-1180/OTP-13921'
Conflicts: lib/crypto/c_src/crypto.c lib/ssl/src/ssl_cipher.erl
Diffstat (limited to 'lib/crypto/doc/src/crypto_app.xml')
-rw-r--r--lib/crypto/doc/src/crypto_app.xml24
1 files changed, 22 insertions, 2 deletions
diff --git a/lib/crypto/doc/src/crypto_app.xml b/lib/crypto/doc/src/crypto_app.xml
index 2b9e505988..a958bdfcb7 100644
--- a/lib/crypto/doc/src/crypto_app.xml
+++ b/lib/crypto/doc/src/crypto_app.xml
@@ -41,14 +41,34 @@
<section>
<title>DEPENDENCIES</title>
- <p>The current crypto implementation uses nifs to interface OpenSSLs crypto library
- and requires <em>OpenSSL</em> package version 0.9.8 or higher.</p>
+ <p>The current crypto implementation uses nifs to interface
+ OpenSSLs crypto library and requires <em>OpenSSL</em> package
+ version 0.9.8 or higher. FIPS mode support requires at least
+ version 1.0.1 and a FIPS capable OpenSSL installation.</p>
+
<p>Source releases of OpenSSL can be downloaded from the <url href="http://www.openssl.org">OpenSSL</url> project home page,
or mirror sites listed there.
</p>
</section>
<section>
+ <title>CONFIGURATION</title>
+ <p>The following configuration parameters are defined for the
+ crypto application. See <c>app(3)</c> for more information about
+ configuration parameters.</p>
+ <taglist>
+ <tag><c>fips_mode = boolean()</c></tag>
+ <item>
+ <p>Specifies whether to run crypto in FIPS mode. This setting
+ will take effect when the nif module is loaded. If FIPS mode
+ is requested but not available at run time the nif module and
+ thus the crypto module will fail to load. This mechanism
+ prevents the accidental use of non-validated algorithms.</p>
+ </item>
+ </taglist>
+ </section>
+
+ <section>
<title>SEE ALSO</title>
<p>application(3)</p>
</section>