Running with OpenSSL FIPS

The Tines application supports OpenSSL FIPS-140 support in its Docker image. Please refer to the following documentation to learn more.

Changes coming to tines-app and tines-app-fips images starting v23 

Starting v23 the default tines-app will no longer ship with openSSL FIPS. Up until v23 the default tines-app image was compiled with openSSL FIPS. However, starting v23 that is no longer the case and a new image is being released that is compiled with openSSL FIPS.

Please refer to the following documentation to learn more about the migration steps and the key differences

Migrating from tines-app to tines-app-fips images 

Downloading releases from /admin/upgrade 

If you are downloading Tines release fro /admin/upgrade you will now see a new button to down the tines app dedicated for FIPS, which contains openSSL FIPS. Once you download, there is nothing else you need to do on your end. The upgrade and setup scripts will continue to work as usual with the correct base images (aliased).

Running Tines in AWS Fargate, Kubernetes or similar environment & Docker Hub 

If you are getting the Tines image from Docker Hub and running Tines in AWS Fargate, Kubernetes or similar environment where you need to define the tines-app image version in deployment spec, you will now need to start referencing the dedicated image name - tines-app-with-fips:$version instead of tines-app:$version. Everything else remains the same.

Differences between tines-app and tines-app-with-fips 

  • tines-app now runs with the latest openSSL 3 version, where tines-app-fips continues to run with openSSL 1.x FIPS supported version. This is primarily because Ruby currently does not have openSSL 3 FIPS out yet. Rest assured, once upstream support is out, we will ensure that tines-app-with-fips is accordingly updated.

  • TLS 1.3 for outbound network requests from HTTP Request action continues to stay unsupported for tines-app-with-fips. This is a limitation of the underlying openSSL version itself.


In case of any questions or concerns, please do not hesitate to reach out to our support team.

PostgreSQL configuration 

You will also need to ensure that you are running PostgreSQL verion 14 or above.

If you have been using Tines, you can follow the upgrade instructions here to upgrade PostgreSQL from 11.x to 14.5.

After that, you can spin up your application with RUN_FIPS=true (as mentioned above) to start using Tines with OpenSSL FIPS.

Was this helpful?