Description
Proposal Details
Currently, the Go cryptography modules do not enforce strict FIPS 140 compliance when FIPS mode is enabled. This is generally beneficial, as strict enforcement can lead to application incompatibility. For users who require strict compliance, the fips140=only GODEBUG setting is available. Additionally, issue #74630 suggests that more granular control may be supported in the future.
However, this flexible approach is not consistently applied across the standard library. Specifically, the crypto/tls package enforces strict FIPS 140 compliance when the fips140=on GODEBUG is set, limiting TLS versions, cipher suites, curves, and signature algorithms to only those that are FIPS-approved.
I have received feedback from users expressing concerns about this strict behavior. The current all-or-nothing enforcement model negatively impacts interoperability in certain environments.
I suggest updating crypto/tls to follow the same approach as other cryptographic packages: allow all algorithms and configurations by default, even when GODEBUG=fips140=on is set. This proposal pertains only to the blocking of algorithms and configurations, not their prioritization. It may still be appropriate to prefer FIPS-compliant options when FIPS mode is enabled.
I'm unsure whether this change would be considered a breaking change under the Go compatibility policy. If so, an alternative could be to introduce a new GODEBUG setting to preserve the current behavior for users who depend on it.
@golang/security
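The following is an added example, not code from the issue author or from the Go project. It shows the behaviour the proposal is about from the application side: it runs two local TLS 1.2 handshakes over loopback TCP against a server with a default tls.Config, one where the client offers only ChaCha20-Poly1305 and X25519 and one where it offers only AES-128-GCM and P-256, then reports whether what was negotiated falls inside a FIPS-style allow-list. The allow-list (approvedSuites, approvedCurves) is an assumption that approximates the restriction the issue describes, not a table taken from crypto/tls; the self-signed certificate and the two client configurations are constructed for the example. With fips140 mode off (the default), both handshakes succeed and only the second is flagged as approved; with GODEBUG=fips140=on, crypto/tls as it stands today would reject the first handshake outright, which is exactly the all-or-nothing behaviour the proposal wants to relax. Run it with and without GODEBUG=fips140=on to see the difference; crypto/fips140.Enabled() tells you which mode the process is in.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/fips140"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// approvedSuites and approvedCurves form a hypothetical allow-list approximating
// the restriction the issue describes for GODEBUG=fips140=on. It is an assumption
// made for this example, not a table taken from the crypto/tls sources.
var approvedSuites = map[uint16]bool{
	tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: true,
	tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: true,
	tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:   true,
	tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:   true,
	tls.TLS_AES_128_GCM_SHA256:                  true,
	tls.TLS_AES_256_GCM_SHA384:                  true,
}
var approvedCurves = map[tls.CurveID]bool{tls.CurveP256: true, tls.CurveP384: true, tls.CurveP521: true}

// fipsModeEnabled reports whether this process runs with FIPS 140 mode on.
func fipsModeEnabled() bool { return fips140.Enabled() }

// selfSignedCert creates a throwaway self-signed ECDSA P-256 certificate for "localhost".
func selfSignedCert() (tls.Certificate, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return tls.Certificate{}, nil, err }
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "localhost"},
		DNSNames: []string{"localhost"}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, BasicConstraintsValid: true, IsCA: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { return tls.Certificate{}, nil, err }
	leaf, err := x509.ParseCertificate(der)
	if err != nil { return tls.Certificate{}, nil, err }
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, leaf, nil
}

// handshake runs one TLS 1.2 handshake over loopback TCP. The server uses Go's
// default Config; the client is pinned to the given suites and curves, so the
// negotiated parameters reflect exactly what the client was allowed to offer.
// It returns the negotiated cipher suite and whether that suite and every
// offered curve sit inside the allow-list above.
func handshake(suites []uint16, curves []tls.CurveID) (suite uint16, approved bool, err error) {
	cert, leaf, err := selfSignedCert()
	if err != nil { return 0, false, err }
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil { return 0, false, err }
	defer ln.Close()
	done := make(chan struct{})
	defer close(done)
	serverErr := make(chan error, 1)
	go func() {
		conn, err := ln.Accept()
		if err != nil { serverErr <- err; return }
		defer conn.Close()
		serverErr <- tls.Server(conn, &tls.Config{Certificates: []tls.Certificate{cert}}).Handshake()
		<-done // keep the server side open until the caller has read the client's state
	}()
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	client, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{
		ServerName: "localhost", RootCAs: pool, MaxVersion: tls.VersionTLS12,
		CipherSuites: suites, CurvePreferences: curves,
	})
	if err != nil { return 0, false, err }
	defer client.Close()
	if err := <-serverErr; err != nil { return 0, false, err }
	suite = client.ConnectionState().CipherSuite
	approved = approvedSuites[suite]
	for _, c := range curves { // the server can only have picked a curve the client offered
		approved = approved && approvedCurves[c]
	}
	return suite, approved, nil
}

func main() {
	fmt.Println("fips140 mode enabled:", fipsModeEnabled())
	// Constructed scenarios: one outside the allow-list, one inside it.
	for _, s := range []struct{ suites []uint16; curves []tls.CurveID }{
		{[]uint16{tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256}, []tls.CurveID{tls.X25519}},
		{[]uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}, []tls.CurveID{tls.CurveP256}},
	} {
		suite, approved, err := handshake(s.suites, s.curves)
		if err != nil { fmt.Println("handshake failed:", err); continue }
		fmt.Printf("negotiated %s, approved=%v\n", tls.CipherSuiteName(suite), approved)
	}
}
```

The allow-list check is deliberately separate from the handshake: this is the shape an application would need if crypto/tls allowed everything under fips140=on and left it to the caller to prefer, log, or refuse non-approved parameters, rather than having the handshake fail before any policy code runs.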