feat: conditional fips mode

Author: cardoso

ee/apps/ddp-streamer/Dockerfile

@@ -130,7 +130,8 @@ CMD ["node", "src/service.js"]
 FROM rocketchatfips140/dhi-node:22-alpine3.23 AS release-fips
 ARG SERVICE
 ENV NODE_ENV=production \
-    PORT=3000
+    PORT=3000 \
+    ROCKETCHAT_ENABLE_FIPS=true
 COPY --chown=node:node --from=builder /app /app
 WORKDIR /app/ee/apps/${SERVICE}
 USER node

ee/apps/ddp-streamer/src/service.ts

@@ -1,4 +1,16 @@
 import os from 'os';
+import crypto from 'crypto';
+
+// --- CONDITIONAL FIPS ENFORCEMENT ---
+if (process.env.ROCKETCHAT_ENABLE_FIPS === 'true') {
+	crypto.setFips(true); // Force OpenSSL into FIPS mode only if the env var is set
+}
+
+console.log('=================================');
+console.log('FIPS COMPLIANCE CHECK');
+console.log('Is FIPS actively enforced? :', crypto.getFips() ? 'YES' : 'NO');
+console.log('=================================');
+// ------------------------------------
 
 import { api, getConnection, getTrashCollection } from '@rocket.chat/core-services';
 import { InstanceStatus } from '@rocket.chat/instance-status';