Go and FIPS 140 July update
The official Go blog announcement, GOFIPS140=inprocess, and Go 1.25.
Go blog announcement
Now that the module reached the Modules In Process, we have announced the native FIPS 140-3 mode on the Go blog.
The FIPS 140-3 Go Cryptographic Module ・ The Go Blog
GOFIPS140=inprocess
Starting with Go 1.24.3, you can also use GOFIPS140=inprocess as an alias that will always point to the latest In Process module.
Go 1.25
Go 1.25 has reached the second release candidate, and will be released in early August. Go 1.25 will ship with the Go Cryptographic Module v1.0.0 just like Go 1.24. Applications will be able to update from day zero!
You can read the draft release notes. Here are the FIPS 140-3 specific changes:
When FIPS 140-3 mode is enabled, Extended Master Secret is now required in TLS 1.2, and Ed25519 and X25519MLKEM768 are now allowed in TLS 1.3.
Changing the
fips140GODEBUG setting after the program has started (i.e. withos.Setenv) is now a no-op. Previously, it was documented as not allowed, and could cause a panic if changed.When FIPS 140-3 mode is enabled, ECDSA and Ed25519 signing is now four times faster, matching the performance of non-FIPS mode.
All changes are outside of the module boundary, so they apply retroactively to GOFIPS140=v1.0.0 as well!
I am especially happy about the Ed25519 and ECDSA improvement, since it bridges one of the last avoidable gaps in performance between FIPS and non-FIPS mode.
The TLS changes relax the profile from SP 800-52r2 (which is only applicable to federal agencies) to allowing all FIPS 140-3 approved algorithms, crucially including the post-quantum hybrid X25519MLKEM768, which is part of our v1.0.0 validation.
MIP list scraper
They say a watched pot never boils, but maybe if it's watched by a bot?
As we all wait for the Go Cryptographic Module v1.0.0 to move through the Modules In Process queue, this simple scraper updates every day with the number of modules ahead of us in the queue.