fips: enforce FIPS-compliant TLS ciphers in FIPS mode (#20131)

This commit enforces FIPS-compliant TLS ciphers in FIPS mode
by importing the `fipsonly` module.

Otherwise, MinIO still accepts non-FIPS compliant TLS connections.
Andreas Auernhammer
2024-07-23 12:11:25 +02:00
committed by GitHub
parent b3a94c4e85
commit 4f5dded4d4
4 changed files with 3 additions and 51 deletions


@@ -138,10 +138,6 @@ func TLSCurveIDs() []tls.CurveID {
if !Enabled {
curves = append(curves, tls.X25519) // Only enable X25519 in non-FIPS mode
}
curves = append(curves, tls.CurveP256)
if go19 {
// With go1.19 enable P384, P521 newer constant time implementations.
curves = append(curves, tls.CurveP384, tls.CurveP521)
}
curves = append(curves, tls.CurveP256, tls.CurveP384, tls.CurveP521)
return curves
}
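Review bot: The replacement line that appends P-256, P-384 and P-521 unconditionally drops the only comment that explained why those curves were gated, so a reader can no longer tell that this list is a preference order rather than the FIPS enforcement point; per the commit description, rejection of non-approved curves and ciphers is now done by the `fipsonly` import, which is not visible in this hunk. I would add above the new append: `// P-256, P-384 and P-521 are always offered (newer Go versions have constant-time implementations); in FIPS mode the fipsonly import, not this list, rejects non-approved curves.`. The removed `go19` guard also means the package now implicitly assumes a minimum Go version, which is worth stating in the function's doc comment; TLSCurveIDs itself begins before this hunk, and whether `go19` is still referenced elsewhere cannot be seen here.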