doc: simplify and clarify FIPS text in BUILDING.md

PR-URL: https://github.com/nodejs/node/pull/17538
Fixes: https://github.com/nodejs/node/issues/17536
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Jon Moss <me@jonathanmoss.me>
This commit is contained in:
Rich Trott 2017-12-07 14:49:57 -08:00
parent 9f55eac346
commit 4426d75ede

View File

@ -347,17 +347,13 @@ as `deps/icu` (You'll have: `deps/icu/source/...`)
## Building Node.js with FIPS-compliant OpenSSL
NOTE: Windows is not yet supported
It is possible to build Node.js with the
[OpenSSL FIPS module](https://www.openssl.org/docs/fipsnotes.html) on POSIX
systems. Windows is not supported.
It is possible to build Node.js with
[OpenSSL FIPS module](https://www.openssl.org/docs/fipsnotes.html).
**Note**: building in this way does **not** allow you to claim that the
runtime is FIPS 140-2 validated. Instead you can indicate that the runtime
uses a validated module. See the
[security policy](http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf)
page 60 for more details. In addition, the validation for the underlying module
is only valid if it is deployed in accordance with its
Building in this way does not mean the runtime is FIPS 140-2 validated, but
rather that the runtime uses a validated module. In addition, the validation for
the underlying module is only valid if it is deployed in accordance with its
[security policy](http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf).
If you need FIPS validated cryptography it is recommended that you read both
the [security policy](http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf)