Crypto/tls - tls.CipherSuites() - FIPS compliance

The documentation for tls.CipherSuites() function says “CipherSuites returns a list of cipher suites currently implemented by this package, excluding those with security issues, which are returned by InsecureCipherSuites.” - Does any one if the cipher suites returned are FIPS compliant?


Disclaimer: I am not a security expert; more like a security novice.

The specifications of some of the returned *CipherSuites might be FIPS compliant, but I don’t think the Go implementations are necessarily FIPS compliant. It looks like earlier this year, Go added support for BoringSSL which seems to be FIPS compliant, but you have to opt into using it. My understanding after reading some of the source code here is you have to:

  1. Add import _ "crypto/tls/fipsonly" somewhere in your .go files.
  2. Add the GOEXPERIMENT=boringcrypto environment flag when building your project.

This seems to be experimental, so I don’t know how reliable the implementation is.

Thank you @skillian for your quick reply.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.