DGS-22768 Update FIPS documentation for 140-3 compliance#2119

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Jump to bottom

Open

kcorman0 wants to merge2 commits intomaster

base:master

Choose a base branch

fromkipp/fips-140-3

Open

DGS-22768 Update FIPS documentation for 140-3 compliance#2119

kcorman0 wants to merge2 commits intomasterfromkipp/fips-140-3

+17 −6

Conversation

Copy link

Member

kcorman0 commentedOct 31, 2025

What

FIPS 140-3 (newest) requires a newer openssl version, updating documentation around this. Also went through SR dependencies and believe they're still compliant.

Probably need a +1 from clients team for non-SR aspect of this client as the change implies entire client is 140-3 compliant.

Checklist

[N] Contains customer facing changes? Including API/behavior changes
[Y] Did you add sufficient unit test and/or integration test coverage for this PR?
- If not, please explain why it is not required

References

JIRA:

Test & Review

Open questions / Follow-ups

fips 140-3 for SR checks

4f908de

CopilotAI review requested due to automatic review settings

October 31, 2025 20:23

kcorman0 requested review froma team andMSeal ascode owners

October 31, 2025 20:23

Copy link

confluent-cla-assistantbot commentedOct 31, 2025

🎉 All Contributor License Agreements have been signed. Ready to merge.
_{Please push an empty commit if you would like to re-run the checks to verify CLA status for all contributors.}

CopilotAI reviewed

Oct 31, 2025

View reviewed changes

Copy link

CopilotAI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Pull Request Overview

This PR updates FIPS documentation to support FIPS 140-3 compliance by clarifying the differences between FIPS 140-2 and FIPS 140-3, updating OpenSSL version requirements, and providing clearer guidance for new deployments.

Updated OpenSSL version requirements to support both FIPS 140-2 (OpenSSL 3.0.x) and FIPS 140-3 (OpenSSL 3.1.2+)
Added recommendation for FIPS 140-3 for new deployments due to upcoming federal procurement requirements
Updated configuration examples and links to point to the newer OpenSSL version

💡Add Copilot custom instructions for smarter, more guided reviews.Learn how to get started.