-
Notifications
You must be signed in to change notification settings - Fork 134
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Missing OpenSSL strategy for v20 and beyond #1465
Comments
Your question is really one for Red Hat, especially since you're running with FIPS enabled (on RHEL/UBI 8 you'll need to be using the nodejs rpms from AppStream which are linked against RHEL/UBI 8's openssl 1.1.1 for FIPS). Node.js has never officially supported FIPS on modified OpenSSL 1.1.1 (upstream OpenSSL had no FIPS support for OpenSSL 1.1.1 -- that was added by Linux vendors such as Red Hat and Ubuntu to their own distributions). The release notes for RHEL 8.9 beta call out Node.js 20: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8-beta/html/8.9_release_notes/technology-previews#technology-previews-dynamic-programming-languages-web-and-database-servers |
Hi Richard, thank you. Understood. Another question for RHEL 9.X. I believe OpenSSL 3.X gets default in there, and want to consume it along with Node.js v20. According to this section, is it true that Node.js v20 supports FIPS with OpenSSL 3.x, is my understanding correct? Asking since this doc is missing explanation on Node.js 20 and beyond - back to the original question.. |
Yes. |
I'm ok to close this issue though hoping strategy will be updated accordingly, since that document is a kind of official source on which developers and engineers are dependent. |
I think leaving it open makes sense. It would be nice to have it updated, and this is a reminder if somebody has time to get to it. |
Hi team,
I'm following this documentation to understand the strategy for OpenSSL, but it is missing versions specific in Node.js v20 and beyond. Could someone please take a look to add that section if we had already something?
https://github.com/nodejs/TSC/blob/main/OpenSSL-Strategy.md
Background of this ask is, my application is running in Node.js v18 FIPS enabled on ubi8 image from RedHat with OpenSSL 1.1.1 FIPS. And currently I cannot move to ubi9 due to some internal restrictions. According to this comment,
I'm just curios if Node.js v20 can be with OpenSSL 1.1.1 as is in v18, and until when can it be with OpenSSL 1.1.1. Of course I acknowledge to update OpenSSL to v3. Thanks in advance!
The text was updated successfully, but these errors were encountered: