1 diff -up openssl-0.9.8j/README.warning openssl-0.9.8j/README
2 --- openssl-0.9.8j/README.warning 2009-01-07 11:50:53.000000000 +0100
3 +++ openssl-0.9.8j/README 2009-01-14 17:43:02.000000000 +0100
5 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
11 + This version of OpenSSL is built in a way that supports operation in
12 + the so called FIPS mode. Note though that the library as we build it
13 + is not FIPS validated and the FIPS mode is present for testing purposes
16 + This version also contains a few differences from the upstream code
18 + * The FIPS integrity verification check is implemented differently
19 + from the upstream FIPS validated OpenSSL module. It verifies
20 + HMAC-SHA256 checksum of the whole libcrypto shared library.
21 + * The module respects the kernel FIPS flag /proc/sys/crypto/fips and
22 + tries to initialize the FIPS mode if it is set to 1 aborting if the
23 + FIPS mode could not be initialized. It is also possible to force the
24 + OpenSSL library to FIPS mode especially for debugging purposes by
25 + setting the environment variable OPENSSL_FORCE_FIPS_MODE.
26 + * If the environment variable OPENSSL_NO_DEFAULT_ZLIB is set the module
27 + will not automatically load the built in compression method ZLIB
28 + when initialized. Applications can still explicitely ask for ZLIB
30 + * There is added a support for EAP-FAST through TLS extension. This code
31 + is backported from OpenSSL upstream development branch.