Comment by keepamovin 1 month ago Does this mean TS is not FIPS 140-3 now? 4 comments keepamovin Reply tatersolid 1 month ago It never was FIPS-approved and likely will never be. The wireguard protocol used by Tailscale uses ChaCha20 for encryption which is not FIPS approved. keepamovin 1 month ago Interesting. What is the FIPS version of wireguard? cronos 1 month ago There are some forks that are not compatible with regular wireguard, for example from wolfssl. Or just classic mTLS. tatersolid 25 days ago > What is the FIPS version of wireguard?IPsec or TLS-based overlays which use AES encryption and NIST-approved ECC curves or (gasp) RSA for key exchange and authentication. They generally suck in comparison with wireguard, which is a clean-sheet modern cryptographic protocol.
tatersolid 1 month ago It never was FIPS-approved and likely will never be. The wireguard protocol used by Tailscale uses ChaCha20 for encryption which is not FIPS approved. keepamovin 1 month ago Interesting. What is the FIPS version of wireguard? cronos 1 month ago There are some forks that are not compatible with regular wireguard, for example from wolfssl. Or just classic mTLS. tatersolid 25 days ago > What is the FIPS version of wireguard?IPsec or TLS-based overlays which use AES encryption and NIST-approved ECC curves or (gasp) RSA for key exchange and authentication. They generally suck in comparison with wireguard, which is a clean-sheet modern cryptographic protocol.
keepamovin 1 month ago Interesting. What is the FIPS version of wireguard? cronos 1 month ago There are some forks that are not compatible with regular wireguard, for example from wolfssl. Or just classic mTLS. tatersolid 25 days ago > What is the FIPS version of wireguard?IPsec or TLS-based overlays which use AES encryption and NIST-approved ECC curves or (gasp) RSA for key exchange and authentication. They generally suck in comparison with wireguard, which is a clean-sheet modern cryptographic protocol.
cronos 1 month ago There are some forks that are not compatible with regular wireguard, for example from wolfssl. Or just classic mTLS.
tatersolid 25 days ago > What is the FIPS version of wireguard?IPsec or TLS-based overlays which use AES encryption and NIST-approved ECC curves or (gasp) RSA for key exchange and authentication. They generally suck in comparison with wireguard, which is a clean-sheet modern cryptographic protocol.
It never was FIPS-approved and likely will never be. The wireguard protocol used by Tailscale uses ChaCha20 for encryption which is not FIPS approved.
Interesting. What is the FIPS version of wireguard?
There are some forks that are not compatible with regular wireguard, for example from wolfssl. Or just classic mTLS.
> What is the FIPS version of wireguard?
IPsec or TLS-based overlays which use AES encryption and NIST-approved ECC curves or (gasp) RSA for key exchange and authentication. They generally suck in comparison with wireguard, which is a clean-sheet modern cryptographic protocol.