Hello Mike:
We discussed on our side this morning and we're going to take some stabs at this, as we've been working on FIPS implementation for a few years now on various open source stacks. Our current FIPS environment looks like this:
- FIPS-enabled Operating System (RHEL 8 / CentOS Stream 8)
- Running a FIPS-compliant RKE2 Kubernetes Distro (FIPS 140-2 Enablement - RKE2 - Rancher's Next Generation Kubernetes Distribution)
- Running a hardened & FIPS-Enabled docker container
- Running a FIPS-Enabled Go Build of our ziti fork (GitHub - Analytics-HQ/ziti: The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network)
One thing we're looking at is a FIPS-compliant Go version using Google's BoringSSL.
We'll relay any issues we come across with this and would like to contribute updates back to OpenZiti if possible. Thanks!