--- title: OpenSSL FIPS mode url: https://www.tines.com/docs/self-hosted/configuring-tines/openssl-fips-mode/ updated: 2026-05-20T15:39:25+00:00 --- *[tines.com](https://www.tines.com/llms.txt) › [Docs](https://www.tines.com/llms.txt) › [Self-Hosted](https://www.tines.com/llm/docs/self-hosted.md) › [Configuring Tines](https://www.tines.com/llm/docs/self-hosted/configuring-tines.md)* # OpenSSL FIPS mode *[View on tines.com](https://www.tines.com/docs/self-hosted/configuring-tines/openssl-fips-mode/)* The Tines FIPS containers (`tines-app-with-fips`) are FIPS 140-3 compliant, using a CMVP-validated OpenSSL 3.1.2+ FIPS provider for all cryptographic operations. FIPS 140-3 compliance has been supported since v40.1. Please refer to the following documentation to learn more about the migration steps and the key differences ## Migrating from tines-app to tines-app-fips images ### Downloading releases from /admin/upgrade If you are downloading Tines release fro `/admin/upgrade` you will now see a new button to down the tines app dedicated for FIPS, which contains openSSL FIPS. Once you download, there is nothing else you need to do on your end. The upgrade and setup scripts will continue to work as usual with the correct base images (aliased). ### Running Tines in AWS Fargate, Kubernetes or similar environment & Docker Hub If you are getting the Tines image from Docker Hub and running Tines in AWS Fargate, Kubernetes or similar environment where you need to define the `tines-app` image version in deployment spec, you will now need to start referencing the dedicated image name - `tines-app-with-fips:$version` instead of `tines-app:$version`. Everything else remains the same. ## Differences between `tines-app` and `tines-app-with-fips` - The major difference between the two is `openSSL` build. `tines-app-with-fips` runs with openSSL 3 compiled with openSSL 3 FIPS. In case of any questions or concerns, please do not hesitate to reach out to our support team. ## PostgreSQL configuration You will also need to ensure that you are running PostgreSQL verion **14.x. ** After that, you can spin up your application with `RUN_FIPS=true` (as mentioned above) to start using Tines with OpenSSL FIPS. Based on the page structure, add this new section **after "Differences between tines-app and tines-app-with-fips"** and **before "PostgreSQL configuration"**: ### nginx FIPS Image For customers requiring FIPS compliance across their entire deployment stack, Tines also provides a FIPS-enabled nginx image  built on nginx 1.28. The nginx FIPS image uses the same OpenSSL 3 FIPS provider as `tines-app-with-fips`. TLS termination at nginx and application-level cryptography in tines-app both use the same FIPS-validated module.