The Tines application supports OpenSSL FIPS-140 support in its Docker image. Please refer to the following documentation to learn more.
Changes coming to tines-app and tines-app-fips images starting v23
Starting v23 the default tines-app will no longer ship with openSSL FIPS. Up until v23 the default tines-app image was compiled with openSSL FIPS. However, starting v23 that is no longer the case and a new image is being released that is compiled with openSSL FIPS.
Please refer to the following documentation to learn more about the migration steps and the key differences
Migrating from tines-app to tines-app-fips images
Downloading releases from /admin/upgrade
If you are downloading Tines release fro /admin/upgrade you will now see a new button to down the tines app dedicated for FIPS, which contains openSSL FIPS. Once you download, there is nothing else you need to do on your end. The upgrade and setup scripts will continue to work as usual with the correct base images (aliased).
Running Tines in AWS Fargate, Kubernetes or similar environment & Docker Hub
If you are getting the Tines image from Docker Hub and running Tines in AWS Fargate, Kubernetes or similar environment where you need to define the tines-app image version in deployment spec, you will now need to start referencing the dedicated image name - tines-app-with-fips:$version instead of tines-app:$version. Everything else remains the same.
Differences between tines-app and tines-app-with-fips
The major difference between the two is
openSSLbuild.tines-app-with-fipsruns with openSSL 3 compiled with openSSL 3 FIPS.
In case of any questions or concerns, please do not hesitate to reach out to our support team.
PostgreSQL configuration
You will also need to ensure that you are running PostgreSQL verion 14.x.
If you have been using Tines, you can follow the upgrade instructions here to upgrade PostgreSQL from 11.x to 14.5.
After that, you can spin up your application with RUN_FIPS=true (as mentioned above) to start using Tines with OpenSSL FIPS.