diff --git a/gpdb-doc/dita/best_practices/encryption.xml b/gpdb-doc/dita/best_practices/encryption.xml
index ddbaaee57482287d4b9fb297c37bb7391712409c..5e66c3d29192473111310d62a6a2c1020681ceb3 100644
--- a/gpdb-doc/dita/best_practices/encryption.xml
+++ b/gpdb-doc/dita/best_practices/encryption.xml
@@ -110,11 +110,6 @@
script.
When compiled with zlib, pgcrypto encryption functions are able to
compress data before encrypting.
- You can enable support for Federal Information Processing Standards (FIPS) 140-2 in
- pgcrypto. FIPS 140-2 requires pgcrypto package version 1.2. The Greenplum Database
- pgcrypto.fips server configuration parameter controls the FIPS 140-2
- support in pgcrypto. See "Server Configuration Parameters" in the Greenplum Database
- Reference Guide.
Pgcrypto has various levels of encryption ranging from basic to advanced built-in
functions. The following table shows the supported encryption algorithms.
@@ -123,13 +118,11 @@
-
Value Functionality
Built-in
With OpenSSL
- OpenSSL with FIPSĀ 140-2
@@ -137,64 +130,54 @@
MD5
yes
yes
- no
SHA1
yes
yes
- no
SHA224/256/384/512
yes
yes SHA2 algorithms were added to OpenSSL in version 0.9.8. For older
versions, pgcrypto will use built-in code.
- yes
Other digest algorithms
no
yes Any digest algorithm OpenSSL supports is automatically picked up. This
is not possible with ciphers, which need to be supported explicitly.
- no
Blowfish
yes
yes
- no
AES
yes
yesAES is included in OpenSSL since version 0.9.7. For older versions,
pgcrypto will use built-in code.
- yes
DES/3DES/CAST5
no
yes
- yes3DES is supported, DES and CAST5 are not
Raw Encryption
yes
yes
- yes
PGP Symmetric-Key
yes
yes
- yes
PGP Public Key
yes
yes
- yes