MyFavMirrors/minio
1
0
Fork 0
mirror of https://github.com/minio/minio.git synced 2025-11-22 10:37:42 -05:00
Code Issues Packages Projects Releases Wiki Activity

config: enforce AES-GCM in FIPS mode (#12265)

Browse Source 
This commit enforces the usage of AES-256
for config and IAM data en/decryption in FIPS
mode.

Further, it improves the implementation of
`fips.Enabled` by making it a compile time
constant. Now, the compiler is able to evaluate
the any `if fips.Enabled { ... }` at compile time
and eliminate unused code.

Signed-off-by: Andreas Auernhammer <aead@mail.de>
This commit is contained in:
Andreas Auernhammer
2021-05-10 17:24:11 +02:00
committed by GitHub
parent 2d79d6d847
commit c03a06cca8
5 changed files with 18 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/http/server.go
View File

@@ -173,7 +173,7 @@ func NewServer(addrs []string, handler http.Handler, getCert certs.GetCertificat
NextProtos: []string{"http/1.1", "h2"},
GetCertificate: getCert,
}
if secureCiphers || fips.Enabled() {
if secureCiphers || fips.Enabled {
tlsConfig.CipherSuites = fips.CipherSuitesTLS()
tlsConfig.CurvePreferences = fips.EllipticCurvesTLS()
}