GOEXPERIMENT=boringcrypto switches crypto packages to call BoringCrypto library. It is included as a precompiled object with Go distibution so can be linked to statically.
We want to have all binaries consistently built this way to get closer to FIPS 140 compliance.
I needed to change the ldflags in the .goreleaser.yaml as the default contains -s and we want to have symbol table preset as it is the only way how can verify that the binary is buit the way we want.
There's no obvious way how the toolchain version is specified so just FYI, GOEXPERIMENT=boringcrypto requires atleast Go 1.19.
GOEXPERIMENT=boringcryptoswitchescryptopackages to call BoringCrypto library. It is included as a precompiled object with Go distibution so can be linked to statically.We want to have all binaries consistently built this way to get closer to FIPS 140 compliance.
I needed to change the ldflags in the
.goreleaser.yamlas the default contains-sand we want to have symbol table preset as it is the only way how can verify that the binary is buit the way we want.There's no obvious way how the toolchain version is specified so just FYI,
GOEXPERIMENT=boringcryptorequires atleast Go 1.19.