<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>


<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">

<p class="details" style="font-style: italic; color: #777;">
<a href="https://gitlab.com/asosedkin">Alexander Sosedkin</a> created an issue <a href="https://gitlab.com/gnutls/gnutls/-/issues/1039">#1039</a>:
</p>
<div></div>
<p dir="auto">doc/cha-internals.texi#L691 has the following claim:</p>
<blockquote dir="auto">
<p>When the FIPS140-2 mode is enabled, The operation of the library is in addition modified as follows.</p>
<ul>
<li>Only approved by FIPS140-2 algorithms are enabled</li>
</ul>
</blockquote>
<p dir="auto">As far as I understand, this is mostly true, as in, ciphers and MACs usage is restricted, but not, e.g., curve selection. But the doc text might leave the impression that the imposted restrictions are comprehensive.</p>
<p dir="auto">I suppose that either the wording should be amended to clarify the extent of the restrictions in place, or the library behaviour should be extended to restrict more of its functionality when in FIPS mode.</p>

</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777;">
—
<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/-/issues/1039">view it on GitLab</a>.
<br>
You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
<a href="https://gitlab.com/-/sent_notifications/9eb0973b2696d0334e6d6890a831d7d4/unsubscribe">unsubscribe</a>
from this thread or
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/-/issues/1039"}}</script>


</p>
</div>
</body>
</html>