Skip to main content
Redhat Developers  Logo
  • Products

    Platforms

    • Red Hat Enterprise Linux
      Red Hat Enterprise Linux Icon
    • Red Hat AI
      Red Hat AI
    • Red Hat OpenShift
      Openshift icon
    • Red Hat Ansible Automation Platform
      Ansible icon
    • View All Red Hat Products

    Featured

    • Red Hat build of OpenJDK
    • Red Hat Developer Hub
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenShift Dev Spaces
    • Red Hat OpenShift Local
    • Red Hat Developer Sandbox

      Try Red Hat products and technologies without setup or configuration fees for 30 days with this shared Openshift and Kubernetes cluster.
    • Try at no cost
  • Technologies

    Featured

    • AI/ML
      AI/ML Icon
    • Linux
      Linux Icon
    • Kubernetes
      Cloud icon
    • Automation
      Automation Icon showing arrows moving in a circle around a gear
    • View All Technologies
    • Programming Languages & Frameworks

      • Java
      • Python
      • JavaScript
    • System Design & Architecture

      • Red Hat architecture and design patterns
      • Microservices
      • Event-Driven Architecture
      • Databases
    • Developer Productivity

      • Developer productivity
      • Developer Tools
      • GitOps
    • Automated Data Processing

      • AI/ML
      • Data Science
      • Apache Kafka on Kubernetes
    • Platform Engineering

      • DevOps
      • DevSecOps
      • Ansible automation for applications and services
    • Secure Development & Architectures

      • Security
      • Secure coding
  • Learn

    Featured

    • Kubernetes & Cloud Native
      Openshift icon
    • Linux
      Rhel icon
    • Automation
      Ansible cloud icon
    • AI/ML
      AI/ML Icon
    • View All Learning Resources

    E-Books

    • GitOps Cookbook
    • Podman in Action
    • Kubernetes Operators
    • The Path to GitOps
    • View All E-books

    Cheat Sheets

    • Linux Commands
    • Bash Commands
    • Git
    • systemd Commands
    • View All Cheat Sheets

    Documentation

    • Product Documentation
    • API Catalog
    • Legacy Documentation
  • Developer Sandbox

    Developer Sandbox

    • Access Red Hat’s products and technologies without setup or configuration, and start developing quicker than ever before with our new, no-cost sandbox environments.
    • Explore Developer Sandbox

    Featured Developer Sandbox activities

    • Get started with your Developer Sandbox
    • OpenShift virtualization and application modernization using the Developer Sandbox
    • Explore all Developer Sandbox activities

    Ready to start developing apps?

    • Try at no cost
  • Blog
  • Events
  • Videos

Go and FIPS 140-2 on Red Hat Enterprise Linux

June 24, 2019
Derek Parker
Related topics:
LinuxSecurityGo
Related products:
Red Hat Enterprise Linux

Share:

    Red Hat provides the Go programming language to Red Hat Enterprise Linux customers via the go-toolset package. If this package is new to you, and you want to learn more, check out some of the previous articles that have been written for some background.

    The go-toolset package is currently shipping Go version 1.11.x, with Red Hat planning to ship 1.12.x in Fall 2019. Currently, the go-toolset package only provides the Go toolchain (e.g., the compiler and associated tools like gofmt); however, we are looking into adding other tools to provide a more complete and full-featured Go development environment.

    In this article, I will talk about some of the improvements, changes, and exciting new features for go-toolset that we have been working on. These changes bring many upstream improvements and CVE fixes, as well as new features that we have been developing internally alongside upstream.

    FIPS 140-2 validated cryptography

    We are excited to announce that we plan to ship go-toolset with a new feature that allows Go to bypass the standard library cryptographic routines and instead call into a FIPS 140-2 validated cryptographic library. When your RHEL system is booted in FIPS mode, Go will instead call into OpenSSL via a new package that bridges between Go and OpenSSL. You can also enable it manually by setting GOLANG_FIPS=1 in your environment.

    This new feature builds on top of pre-existing upstream work (which instead calls into BoringSSL) and adds a few new features such as:

    • Ability to call into OpenSSL (v1.0.2 and v1.1.1)
    • Adherence to modern, up-to-date FIPS standards
    • Runtime detection of systems FIPS settings
    • Ability to enable FIPS mode manually
    • Stricter TLS that automatically uses only FIPS-approved ciphers
    • And more to come!

    This new feature of using OpenSSL for cryptography is only enabled if your system is booted in FIPS mode or if you explicitly enable it via GOLANG_FIPS=1; otherwise, there is no change and the standard library cryptography will be used. If you want to opt out of this feature altogether, you can build your programs with -tags no_openssl to disable it completely and build using pure upstream standard library cryptography. We are continuing to develop this feature and intend to propose new functionality in Go 2 to allow for using a FIPS-validated cryptographic module in a standardized way.

    Using go-toolset

    Getting started on RHEL7

    First, enable the correct repos:

    yum-config-manager --enable rhel-7-server-devtools-rpms && \
    yum-config-manager --enable rhel-7-server-rpms && \
    yum-config-manager --enable rhel-7-server-optional-rpms

    Next, install the package:

    yum install -y go-toolset-1.11

    Package go-toolset in RHEL7 provides Go as a Software Collection. To use the version of Go you have installed, you must enable it:

    scl enable go-toolset-1.11 go version

    Getting started on RHEL8

    For RHEL8, go-toolset is provided via the AppStream. To get started, simply type:

    yum install go-toolset

    This will install the Go 1.11.x toolchain.

    Notice that you do not have to specify the major.minor version as in RHEL7. Because the go-toolset is being shipped as a module in the AppStream, you are automatically subscribed to the RHEL8 stream, meaning any updates to the Go toolchain shipped on that stream are delivered directly to you.

    Additionally, the RHEL8 module is no longer a Software Collection. This means that in order to use your newly installed Go toolchain, you simply use the Go command as normal:

    go version

    Opting out

    To completely bypass and compile out all of these changes, you can build your programs with -tags no_openssl.

    For example:

    go build -tags no_openssl

    Wrapping up

    Here at Red Hat, we work hard to improve the tools our customers use by both providing and innovating new features and contributing back to the community. Stay tuned for updates on this work and more exciting news related to Go!

    Last updated: June 21, 2019

    Recent Posts

    • Skopeo: The unsung hero of Linux container-tools

    • Automate certificate management in OpenShift

    • Customize RHEL CoreOS at scale: On-cluster image mode in OpenShift

    • How to set up KServe autoscaling for vLLM with KEDA

    • How I used Cursor AI to migrate a Bash test suite to Python

    Red Hat Developers logo LinkedIn YouTube Twitter Facebook

    Platforms

    • Red Hat AI
    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    • See all products

    Build

    • Developer Sandbox
    • Developer Tools
    • Interactive Tutorials
    • API Catalog

    Quicklinks

    • Learning Resources
    • E-books
    • Cheat Sheets
    • Blog
    • Events
    • Newsletter

    Communicate

    • About us
    • Contact sales
    • Find a partner
    • Report a website issue
    • Site Status Dashboard
    • Report a security problem

    RED HAT DEVELOPER

    Build here. Go anywhere.

    We serve the builders. The problem solvers who create careers with code.

    Join us if you’re a developer, software engineer, web designer, front-end designer, UX designer, computer scientist, architect, tester, product manager, project manager or team lead.

    Sign me up

    Red Hat legal and privacy links

    • About Red Hat
    • Jobs
    • Events
    • Locations
    • Contact Red Hat
    • Red Hat Blog
    • Inclusion at Red Hat
    • Cool Stuff Store
    • Red Hat Summit
    © 2025 Red Hat

    Red Hat legal and privacy links

    • Privacy statement
    • Terms of use
    • All policies and guidelines
    • Digital accessibility

    Report a website issue