Module _06_fips


This section provides guidance on using rustls with FIPS-approved cryptography.

§Using rustls with FIPS-approved cryptography

To use FIPS-approved cryptography with rustls, you should use a FIPS-approved CryptoProvider. The easiest way to do this is to use the rustls-aws-lc-rs crate with the fips feature enabled.

§1. Enable the fips crate feature for rustls-aws-lc-rs:

Use:

rustls = { version = "0.24" }
rustls-aws-lc-rs = { version = "0.1", features = ["fips"] }

§2. Use the FIPS CryptoProvider

Instantiate your ClientConfig or ServerConfig using the FIPS CryptoProvider.

§3. Validate the FIPS status of your ClientConfig/ServerConfig at run-time

See ClientConfig::fips() or ServerConfig::fips().

You could, for example:

assert!(client_config.fips());

But maybe your application has an error handling or health-check strategy better than panicking.
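
One way to turn the run-time check from step 3 into a startup gate or health check that reports an error instead of panicking. This is an added example, not code from rustls: the `FipsStatus` trait and `MockConfig` type are hypothetical stand-ins for the `fips()` method on `ClientConfig`/`ServerConfig`, so the block builds without the rustls crates.

```rust
use std::fmt;

/// Hypothetical stand-in for the `fips()` method on a rustls config.
/// In a real application, implement it by delegating to
/// `ClientConfig::fips()` / `ServerConfig::fips()`.
trait FipsStatus {
    fn fips(&self) -> bool;
}

/// Constructed mock config used only to exercise the check.
struct MockConfig { fips: bool }

impl FipsStatus for MockConfig {
    fn fips(&self) -> bool { self.fips }
}

/// Error listing every TLS config that is not in FIPS mode.
#[derive(Debug, PartialEq)]
struct NotFips { names: Vec<String> }

impl fmt::Display for NotFips {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "TLS configs not in FIPS mode: {}", self.names.join(", "))
    }
}

impl std::error::Error for NotFips {}

/// Checks all named configs and reports every non-FIPS one at once,
/// so a health endpoint can name the offender instead of aborting.
fn require_fips(configs: &[(&str, &dyn FipsStatus)]) -> Result<(), NotFips> {
    let names: Vec<String> = configs
        .iter()
        .filter(|(_, cfg)| !cfg.fips())
        .map(|(name, _)| name.to_string())
        .collect();
    if names.is_empty() { Ok(()) } else { Err(NotFips { names }) }
}

fn main() {
    let client = MockConfig { fips: true };
    let server = MockConfig { fips: false };
    let configs: [(&str, &dyn FipsStatus); 2] =
        [("client", &client), ("server", &server)];
    match require_fips(&configs) {
        Ok(()) => println!("healthy: all TLS configs are FIPS"),
        Err(e) => eprintln!("unhealthy: {}", e),
    }
}
```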