For developers seeking to implement FIPS 140-3 compliance in their secure Python applications, wolfSSL already offers effective solutions:
- wolfProvider enables the use of wolfCrypt as the underlying crypto provider for OpenSSL.
- The wolfSSL Python ports let you completely replace OpenSSL with wolfSSL in Python’s ssl module.
However, we understand that the initial setup – compiling wolfSSL with the right flags and correctly configuring the Python environment – can introduce friction, especially when you need to get a project off the ground quickly.
The wolfSSL Python containers
To streamline your development workflow, we’ve launched a new set of wolfSSL Docker containers which provide a ready-to-use Python environment pre-configured to use FIPS 140-3 validated wolfSSL technology.
We provide three different Dockerfiles. Which one you should choose depends on your needs:
- Dockerfile.provider: uses wolfProvider to register wolfSSL as the default OpenSSL provider in the container. This results in a Python runtime that still uses OpenSSL, but with FIPS-certified wolfSSL crypto underneath.
- Dockerfile.provider-min: a simpler Dockerfile that achieves the same result as above. Instead of building Python on top of an Alpine base image, it directly uses the official Python Alpine image, making it easier to update to new Python versions.
- Dockerfile.osp: uses the wolfSSL Python ports, resulting in a Python runtime that uses wolfSSL only. The Dockerfile also deletes traces of OpenSSL from the system to prevent OpenSSL usage, which may cause some non-Python applications to stop working. This solution is useful in strict FIPS scenarios where OpenSSL must be entirely excluded.
Getting started
Setting up these containers requires an active wolfCrypt FIPS license. Feel free to contact fips@wolfssl.com for more information.
Once you have the appropriate 7z archive password, building and running the containers is as simple as cloning the GitHub repository, writing your password to a password.txt file and executing make run-provider, make run-provider-min or make run-osp. Further information is available in the README.
If you have questions about any of the above, please contact us at facts@wolfssl.com or call us at +1 425 245 8247.

