doc: simplify and clarify FIPS text in BUILDING.md

PR-URL: https://github.com/nodejs/node/pull/17538 Fixes: https://github.com/nodejs/node/issues/17536 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> Reviewed-By: Jon Moss <me@jonathanmoss.me>
2017-12-07 14:49:57 -08:00 · 2017-12-07 14:49:57 -08:00 · 4426d75ede
commit 4426d75ede
parent 9f55eac346
1 changed files with 6 additions and 10 deletions
--- a/BUILDING.md
+++ b/BUILDING.md
@ -347,17 +347,13 @@ as `deps/icu` (You'll have: `deps/icu/source/...`)

 ## Building Node.js with FIPS-compliant OpenSSL

-NOTE: Windows is not yet supported
+It is possible to build Node.js with the
+[OpenSSL FIPS module](https://www.openssl.org/docs/fipsnotes.html) on POSIX
+systems. Windows is not supported.

-It is possible to build Node.js with
-[OpenSSL FIPS module](https://www.openssl.org/docs/fipsnotes.html).
-
-**Note**: building in this way does **not** allow you to claim that the
-runtime is FIPS 140-2 validated. Instead you can indicate that the runtime
-uses a validated module. See the
-[security policy](http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf)
-page 60 for more details. In addition, the validation for the underlying module
-is only valid if it is deployed in accordance with its
+Building in this way does not mean the runtime is FIPS 140-2 validated, but
+rather that the runtime uses a validated module. In addition, the validation for
+the underlying module is only valid if it is deployed in accordance with its
 [security policy](http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf).
 If you need FIPS validated cryptography it is recommended that you read both
 the [security policy](http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf)