How adopted is the BYFE concept?

How widespread in Ziti is the adoption of the Bring Your Favorite Engine (BYFE) concept?

A quick review of the Go components suggests that it may be targeted strictly to the clients.

~ Tom

The Go components are generally built to be pluggable, so someone could provide a link implementation or an edge listener which used a different TLS provider than the default. However, no one has done that so far. Our next work in this area will likely be in trying to provide DTLS implementations rather than different implementations of TLS.

Hope that’s helpful,
Paul

Would this post not be an implementation of BYFE: "FIPS Compliance - #3 by ccravens"? I know several users of OpenZiti who have implemented FIPS-compliant versions of Ziti, which I assumed used BYFE…

It seems if a package links against tlsuv, you get BYFE; otherwise, it is whatever the default is.

Go is an interesting case study as third-party dependencies, such as Resty, bring in TLS.

~ Tom

Since the dependency is deep, maybe the better option is "GitHub - golang/go at dev.boringcrypto", which maps crypto/* to BoringSSL.

Seems like a good option to investigate :+1: