From 8e4cb1bbca1145278fb71c22bb81062f3b4053f2 Mon Sep 17 00:00:00 2001 From: Rich Trott Date: Thu, 7 Dec 2017 14:49:57 -0800 Subject: [PATCH] doc: simplify and clarify FIPS text in BUILDING.md PR-URL: https://github.com/nodejs/node/pull/17538 Fixes: https://github.com/nodejs/node/issues/17536 Reviewed-By: Luigi Pinca Reviewed-By: Michael Dawson Reviewed-By: Jon Moss --- BUILDING.md | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/BUILDING.md b/BUILDING.md index eaf819f0211277..120eb3f4461d40 100644 --- a/BUILDING.md +++ b/BUILDING.md @@ -351,17 +351,13 @@ as `deps/icu` (You'll have: `deps/icu/source/...`) ## Building Node.js with FIPS-compliant OpenSSL -NOTE: Windows is not yet supported +It is possible to build Node.js with the +[OpenSSL FIPS module](https://www.openssl.org/docs/fipsnotes.html) on POSIX +systems. Windows is not supported. -It is possible to build Node.js with -[OpenSSL FIPS module](https://www.openssl.org/docs/fipsnotes.html). - -**Note**: building in this way does **not** allow you to claim that the -runtime is FIPS 140-2 validated. Instead you can indicate that the runtime -uses a validated module. See the -[security policy](http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf) -page 60 for more details. In addition, the validation for the underlying module -is only valid if it is deployed in accordance with its +Building in this way does not mean the runtime is FIPS 140-2 validated, but +rather that the runtime uses a validated module. In addition, the validation for +the underlying module is only valid if it is deployed in accordance with its [security policy](http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf). If you need FIPS validated cryptography it is recommended that you read both the [security policy](http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf)