You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+19-3Lines changed: 19 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -16,9 +16,6 @@ Getting Started Docs: <https://developer.box.com/guides/tooling/sdks/python/>
16
16
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
17
17
<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
18
18
19
-
-[Versions](#versions)
20
-
-[Supported Version](#supported-version)
21
-
-[Version schedule](#version-schedule)
22
19
-[Installing](#installing)
23
20
-[Getting Started](#getting-started)
24
21
-[Authorization](#authorization)
@@ -33,6 +30,10 @@ Getting Started Docs: <https://developer.box.com/guides/tooling/sdks/python/>
33
30
-[Development Client](#development-client)
34
31
-[Customization](#customization)
35
32
-[Custom Subclasses](#custom-subclasses)
33
+
-[FIPS 140-2 Compliance](#fips-140-2-compliance)
34
+
-[Versions](#versions)
35
+
-[Supported Version](#supported-version)
36
+
-[Version schedule](#version-schedule)
36
37
-[Contributing](#contributing)
37
38
-[Developer Setup](#developer-setup)
38
39
-[Testing](#testing)
@@ -388,6 +389,21 @@ subclass will be returned from all SDK methods that previously returned
388
389
an instance of the parent. See `BaseAPIJSONObjectMeta` and `Translator`
389
390
to see how the SDK performs dynamic lookups to determine return types.
390
391
392
+
# FIPS 140-2 Compliance
393
+
394
+
The Python SDK allows the use of FIPS 140-2 validated SSL libraries, such as OpenSSL 3.0.
395
+
However, some actions are required to enable this functionality.
396
+
397
+
Currently, the latest distributions of Python default to OpenSSL v1.1.1, which is not FIPS compliant.
398
+
Therefore, if you want to use OpenSSL 3.0 in your network communication,
399
+
you need to ensure that Python uses a custom SSL library.
400
+
One way to achieve this is by creating a custom Python distribution with the ssl module replaced.
401
+
402
+
If you are using JWT for authentication, it is also necessary to ensure that the cryptography library,
403
+
which is one of the extra dependencies for JWT, uses OpenSSL 3.0.
404
+
To enable FIPS mode for the `cryptography` library, you need to install a FIPS-compliant version of OpenSSL
405
+
during the installation process of cryptography using the `pip` command.
406
+
391
407
# Versions
392
408
We use a modified version of [Semantic Versioning](https://semver.org/) for all changes. See [version strategy](VERSIONS.md) for details which is effective from 30 July 2022.
0 commit comments