Module fips

FIPS support

To use rustls with OpenSSL in FIPS mode, perform the following actions.

1. Enable the fips feature

This removes non-FIPS-approved cipher suites and key exchanges.

2. Specify require_ems when constructing rustls::ClientConfig or rustls::ServerConfig

See rustls documentation for rationale.

3. Enable FIPS mode for OpenSSL

See enable().

4. Validate the FIPS status of your ClientConfig or ServerConfig at runtime

See rustls documenation on FIPS.

Functions

enable

Enable FIPS mode for OpenSSL.