You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It is not FIPS compliant (assuming you mean the usual FIP 140-2 and 140-3). We use the Go native TLS stack. We have no current plans to support FIPS. Any company contributing to NATS is of course welcome to develop support and contribute it, but we'd view the contribution very carefully and it might not be merged.
There are enough problems with FIPS variants of the main TLS algorithms that we believe that FIPS support is detrimental to product security and dangerous to try to support. Such a deliberate weakening has knock-on consequences everywhere. So a contribution to provide a FIPS mode would need to address this concern. It's also been a while since I looked at this, so it's possible that our using a minimum version of TLS 1.2 means that a lot of the old problems are mitigated.
The text was updated successfully, but these errors were encountered:
Originally posted by @philpennock in nats-io/nats-server#2200 (comment)
The text was updated successfully, but these errors were encountered: