The FIPS documentation for Node isn't clear about how it is supposed to behave with the tls module. Is FIPS mode only supported for the crypto module?
Node.js version
Node.js v20.11.1
Example code
Calling
crypto.setFips(1)
followed by
tls.createServer(options, (socket)
results in the following stack trace:
Error: error:0308010C:digital envelope routines::unsupported
at new Hash (node:internal/crypto/hash:68:19)
at Object.createHash (node:crypto:138:10)
at Server.setSecureContext (node:_tls_wrap:1472:14)
at new Server (node:_tls_wrap:1350:8)
at Object.createServer (node:_tls_wrap:1385:10)
Details
If you enable FIPS mode prior to attempting to create a TLS server, the following usage of SHA1 is blocked by OpenSSL, causing the TLS server to fail to come up: https://github.com/nodejs/node/blob/v20.x/lib/_tls_wrap.js#L1472
Operating system
Linux
Scope
Runtime
Module and version
Not applicable.