Node 4.2: Unable to run Node in non-FIPS mode if compiled with FIPS support
As currently implemented, when Node is compiled with FIPS support (./configure fips), there is no way to disable engaging FIPS mode during execution. This means that several functions that rely on non-FIPS approved algorithms (e.g. md5 hashing) will fail, as will any code that depends on them (most obviously, npm).
What seems needed to me is a way to explicitly enable or disable FIPS operation each time node is invoked. The way this is done with the openssl CLI is via the OPENSSL_FIPS environment variable.
It is straightforward to add a similar capability to Node. A pull request with a suggested implementation is forthcoming.