I agree this is very good news. I don't have any visibility into the timing, but from watching other modules, I'd say it can be hard to predict how long it takes a module to proceed through the process. Up to a year maybe?
Have you looked at GOEXPERIMENT=boringcrypto and importing "crypto/tls/fipsonly"? Those might meet your immediate needs by using the CMVP BoringCrypto. I believe Microsoft also publishes some FIPS capable Go releases using external CMVP libraries. Regards, Mike On Tuesday, March 4, 2025 at 12:35:29 PM UTC-5 Jussi Nummelin wrote: > Hey, > > I was pleasantly surprised to see that from 1.24 onwards, Golang itself > will have/get FIPS support. > > It says on the description <https://go.dev/doc/security/fips140>: > > Go Cryptographic Module version v1.0.0 is currently under test with a > CMVP-accredited laboratory. > > Does anyone know any timeline expectations of when that testing would be > done and when Golang 1.24+ would have the "official" FIPS stamp on it? And > no, I'm not expecting anyone to really know a specific date but even a > rough estimate like "in the summertime", "next year" would greatly help us > decide whether we can wait for it or do we need to start working on some > custom solution, which would be less than desirable naturally. :D > > Cheers, > - Jussi - > > > > > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/golang-nuts/b289000e-dffd-4e5c-89c4-72cdaba110fan%40googlegroups.com.
