diff --git a/cmd/confluent/main.go b/cmd/confluent/main.go
index 1854cd03fa..ea4c2fb391 100644
--- a/cmd/confluent/main.go
+++ b/cmd/confluent/main.go
@@ -8,6 +8,7 @@ import (
 
 	"github.com/confluentinc/cli/v4/internal"
 	"github.com/confluentinc/cli/v4/pkg/config"
+	_ "github.com/confluentinc/cli/v4/pkg/fips"
 	pversion "github.com/confluentinc/cli/v4/pkg/version"
 )
 
diff --git a/pkg/fips/fips.go b/pkg/fips/fips.go
new file mode 100644
index 0000000000..df925a998f
--- /dev/null
+++ b/pkg/fips/fips.go
@@ -0,0 +1,5 @@
+//go:build boringcrypto
+
+package fips
+
+import _ "crypto/tls/fipsonly" // including this package when boringcrypto is enabled forces tls to use fips settings only
diff --git a/pkg/fips/no_fips.go b/pkg/fips/no_fips.go
new file mode 100644
index 0000000000..7731de4bc4
--- /dev/null
+++ b/pkg/fips/no_fips.go
@@ -0,0 +1,3 @@
+package fips
+
+// This file exists to suppress build errors when not building with boringcrypto