Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[fips] add startup and HTTPS FIPS mode logging for rustls #5489

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
igorscs merged 3 commits into from
Jan 22, 2026
Merged

[fips] add startup and HTTPS FIPS mode logging for rustls #5489

igorscs merged 3 commits into from
Jan 22, 2026

Conversation

@igorscs
Copy link
Contributor

@igorscs igorscs commented Jan 22, 2026

Generate logs to validate that FIPS cryptographic module is enabled at runtime for client/server connections, as recommended in step 3 of https://docs.rs/rustls/latest/rustls/manual/_06_fips/index.html

Log examples:

Startup log (no HTTPS needed):

  • Linux, FIPS enabled:

INFO Rustls startup default provider: FIPS is enabled for cryptography.

  • Linux, FIPS disabled:

WARN Rustls startup default provider: FIPS is disabled for cryptography.

  • macOS:

INFO Rustls startup default provider: FIPS is disabled for cryptography (non-Linux build).

HTTPS logs (only if HTTPS is enabled):

  • Linux, FIPS enabled:
  INFO Rustls HTTPS server config: FIPS is enabled for connections.
  INFO Rustls HTTPS client config: FIPS is enabled for connections.
  • Linux, FIPS disabled:
  WARN Rustls HTTPS server config: FIPS is disabled for connections.
  WARN Rustls HTTPS client config: FIPS is disabled for connections.
  • macOS:
  INFO Rustls HTTPS server config: FIPS is disabled for connections (non-Linux build).
  INFO Rustls HTTPS client config: FIPS is disabled for connections (non-Linux build).

Checklist

  • Documentation updated
  • Changelog updated

Breaking Changes?

Mark if you think the answer is yes for any of these components:

Describe Incompatible Changes

Add a few sentences describing the incompatible changes if any.

[fips] add startup and HTTPS FIPS mode logging for rustls
fc83374 
Generate logs to validate that FIPS cryptographic module is enabled
at runtime for client/server connections, as recomended in step 3 of
https://docs.rs/rustls/latest/rustls/manual/_06_fips/index.html
@igorscs igorscs requested review from blp and gz January 22, 2026 03:29
gz
gz approved these changes Jan 22, 2026
View reviewed changes
@igorscs @gz
Update crates/feldera-observability/src/fips.rs
4db8fa1 
Co-authored-by: Gerd Zellweger <[email protected]>
Signed-off-by: igorscs <[email protected]>
@igorscs igorscs self-assigned this Jan 22, 2026
@feldera-bot
[ci] apply automatic fixes
cffb8f1 
Signed-off-by: feldera-bot <[email protected]>
@igorscs igorscs added this pull request to the merge queue Jan 22, 2026
Merged via the queue into main with commit b692dfe Jan 22, 2026
1 check passed
@igorscs igorscs deleted the fips-check-runtime branch January 22, 2026 07:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gz gz gz approved these changes

@blp blp Awaiting requested review from blp

Assignees

@igorscs igorscs

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@igorscs @gz @feldera-bot