rustls/manual/fips.rs
1/*! # Using rustls with FIPS-approved cryptography
2
3To use FIPS-approved cryptography with rustls, you should use a FIPS-approved `CryptoProvider`.
4The easiest way to do this is to use the the `rustls-aws-lc-rs` crate with the `fips` feature enabled.
5
6## 1. Enable the `fips` crate feature for rustls-aws-lc-rs:
7
8Use:
9
10```toml
11rustls = { version = "0.24" }
12rustls-aws-lc-rs = { version = "0.1", features = ["fips"] }
13```
14
15## 2. Use the FIPS `CryptoProvider`
16
17Instantiate your `ClientConfig` or `ServerConfig` using the FIPS `CryptoProvider`.
18
19## 3. Validate the FIPS status of your `ClientConfig`/`ServerConfig` at run-time
20
21See [`ClientConfig::fips()`] or [`ServerConfig::fips()`].
22
23You could, for example:
24
25```rust,ignore
26# let client_config = unreachable!();
27assert!(client_config.fips());
28```
29
30But maybe your application has an error handling or health-check strategy better than panicking.
31
32[`CryptoProvider`]: crate::crypto::CryptoProvider
33[`ClientConfig::fips()`]: crate::client::ClientConfig::fips
34[`ServerConfig::fips()`]: crate::server::ServerConfig::fips
35*/