https://devblogs.microsoft.com/go/go-1-24-fips-update/ Skip to main content [RE1Mu3b] Microsoft Dev Blogs Dev Blogs Dev Blogs * Home * Developer + Microsoft for Developers + Visual Studio + Visual Studio Code + Develop from the cloud + All things Azure + DevOps + Windows Developer + Developer support + ISE Developer + Engineering@Microsoft + Azure SDK + Command Line + Perf and Diagnostics + React Native * Technology + AutoGen + DirectX + OpenAPI + Semantic Kernel + SurfaceDuo + Windows AI Platform * Languages + C++ + C# + F# + TypeScript + PowerShell Community + PowerShell Team + Python + JavaScript + Java + Java Blog in Chinese + Go * .NET + All .NET posts + .NET Aspire + .NET MAUI + AI + ASP.NET Core + Blazor + Entity Framework + Servicing + .NET Blog in Chinese * Platform Development + #ifdef Windows + Azure Government + Azure VM Runtime Team + Bing Dev Center + Microsoft Edge Dev + Microsoft Azure + Microsoft 365 Developer + Microsoft Entra Identity Developer Blog + Old New Thing + Power Platform + Windows MIDI and Music dev * Data Development + Azure Cosmos DB + Azure Data Studio + Azure SQL + OData + Revolutions R + SQL Server Data Tools + Unified Data Model (IDEAs) * More [ ] Search Search * No results Cancel * Dev Blogs * Microsoft for Go Developers * Microsoft Go 1.24 FIPS changes February 6th, 2025 Microsoft Go 1.24 FIPS changes Quim Muntal Quim Muntal Senior Software Engineer Show more The Go 1.24 cryptography packages have been through a heavy refactoring to allow the Go standard library to be FIPS 140-3 compliant. This was done per the proposal #69536: crypto: obtain a FIPS 140-3 validation. The benefit is that the FIPS 140-3 compliant cryptographic module is written in pure Go (and Go assembly) rather than using cgo or syscalls to call into third-party libraries. This is a major leap forward for the Go standard library, and it is a significant milestone for the Go community. Take a look at the Go FIPS 140-3 Compliance for more information. In Go 1.23, it's possible to use Go to build a FIPS-compliant application using GOEXPERIMENT=boringcrypto, but it's not supported for use outside of Google. This works by using cgo to link in the FIPS-certified BoringCrypto library. The cryptography packages then call into BoringCrypto to perform cryptographic operations. Microsoft Go takes an alternative approach to FIPS compliance: it uses system libraries to perform cryptographic operations. This premise hasn't changed in Microsoft Go 1.24, and it will continue using OpenSSL on Linux and CNG on Windows. Microsoft Go 1.24 also improves compatibility with Azure Linux and introduces preview support for macOS. We evaluated changing Microsoft Go to use the new Go FIPS module rather than system libraries. However, we ultimately determined that this approach doesn't align with Microsoft internal cryptography strategy and policies. We recommend, though, that Go developers requiring FIPS 140-3 compliance use the official Go FIPS module, once it is certified, if it fits their needs. Here are some more details about what's changed in Microsoft Go 1.24: FIPS configuration The Microsoft Go toolchain has been updated to accept the FIPS-related settings that have been added to the upstream Go toolchain. These new settings are preferred over the old ones, but the old ones are still supported until we remove them in Microsoft Go 1.25. These are the new environment variable settings: * GODEBUG=fips140=on (runtime setting) enables the FIPS 140-3 compliant cryptographic module. Supersedes GOFIPS=1, which is now deprecated. * GODEBUG=fips140=only (runtime setting) acts as on, but panics if a non-FIPS 140-3 compliant algorithm is used. This setting is partially supported in Go 1.24, and will be fully supported in Go 1.25. * GOFIPS140=latest (build setting) sets GODEBUG=fips140 to on by default. Replaces -tags=requirefips. To know more about these settings, please refer to the Microsoft Go FIPS documentation. Note that the Go runtime will automatically enter FIPS mode when running on a FIPS-compliant system, such as Azure Linux or Windows, so you don't need to set GODEBUG=fips140=on on those systems. New Platform: macOS support We are excited to announce that Microsoft Go 1.24 will include preview support for macOS system libraries. The FIPS-certified Common Crypto and CryptoKit libraries are now supported. This means that developers can leverage these libraries to perform cryptographic operations in a FIPS-compliant manner on macOS. The integration ensures that cryptographic functions are executed using the system's FIPS-certified libraries. To use these libraries, build your macOS application with the systemcrypto goexperiment. This support is currently experimental, and we are working to make it production-ready in Microsoft Go 1.25. Feedback is welcome, so please don't hesitate to file an issue! Enhanced Azure Linux 3 support Azure Linux is a Linux distribution for Microsoft's cloud infrastructure, edge products and services. One of the key features of Azure Linux is that it is FIPS 140-3 compliant out of the box thanks to using the SCOSSL (SymCrypt provider for OpenSSL) provider. Microsoft Go 1.24 has been improved to better support third-party OpenSSL providers like SCOSSL. Important fixes were also backported to 1.22 and 1.23. This allows Microsoft Go to take full advantage of the FIPS 140-3 compliant SymCrypt provider on Azure Linux. 1 0 0 * [facebook] Share on Facebook * Share on Twitter * [linkedin] Share on Linkedin Category Microsoft for Go Developers Topics goreleasesecurity Author Quim Muntal Quim Muntal Senior Software Engineer 0 comments Be the first to start the discussion. Leave a commentCancel reply Sign in [ ] [Reply] [Cancel] Code of Conduct Read next February 5, 2025 Go 1.23.6-1 and 1.22.12-1 Microsoft builds now available Davis Goodin Davis Goodin January 17, 2025 Go 1.23.5-1 and 1.22.11-1 Microsoft builds now available Davis Goodin Davis Goodin Stay informed Get notified when new posts are published. [ ] Subscribe By subscribing you agree to our Terms of Use and Privacy Follow this blog Are you sure you wish to delete this comment? OK Cancel Sign in Theme Insert/edit link Close Enter the destination URL URL [ ] Link Text [ ] [ ] Open link in a new tab Or link to existing content Search [ ] No search term specified. Showing recent items. Search or use up and down arrow keys to select an item. Cancel [Add Link] Code Block x Paste your code snippet [ ] Ok Cancel Feedback What's new * Surface Pro * Surface Laptop * Surface Laptop Studio 2 * Surface Laptop Go 3 * Microsoft Copilot * AI in Windows * Explore Microsoft products * Windows 11 apps Microsoft Store * Account profile * Download Center * Microsoft Store support * Returns * Order tracking * Certified Refurbished * Microsoft Store Promise * Flexible Payments Education * Microsoft in education * Devices for education * Microsoft Teams for Education * Microsoft 365 Education * How to buy for your school * Educator training and development * Deals for students and parents * Azure for students Business * Microsoft Cloud * Microsoft Security * Dynamics 365 * Microsoft 365 * Microsoft Power Platform * Microsoft Teams * Microsoft 365 Copilot * Small Business Developer & IT * Azure * Microsoft Developer * Documentation * Microsoft Learn * Microsoft Tech Community * Azure Marketplace * AppSource * Visual Studio Company * Careers * About Microsoft * Company news * Privacy at Microsoft * Investors * Diversity and inclusion * Accessibility * Sustainability Your Privacy Choices Your Privacy Choices Consumer Health Privacy * Sitemap * Contact Microsoft * Privacy * Manage cookies * Terms of use * Trademarks * Safety & eco * Recycling * About our ads * (c) Microsoft 2025