diff --git a/Makefile b/Makefile
index 6abe59423..710c5ae5c 100644
--- a/Makefile
+++ b/Makefile
@@ -6,6 +6,10 @@ ADMIN_DIR = weed/admin
 SOURCE_DIR = .
 debug ?= 0
 
+# Enable FIPS 140-3 compliant crypto by default (Go 1.24+)
+# Set GOEXPERIMENT= (empty) to disable
+export GOEXPERIMENT ?= systemcrypto
+
 all: install
 
 install: admin-generate
diff --git a/docker/Dockerfile.foundationdb_large b/docker/Dockerfile.foundationdb_large
index 8a79498f7..8932b218f 100644
--- a/docker/Dockerfile.foundationdb_large
+++ b/docker/Dockerfile.foundationdb_large
@@ -50,6 +50,10 @@ RUN cd /tmp && \
 ENV CGO_CFLAGS="-I/usr/include/foundationdb"
 ENV CGO_LDFLAGS="-lfdb_c"
 
+# Enable FIPS 140-3 compliant crypto by default (Go 1.24+)
+ARG GOEXPERIMENT=systemcrypto
+ENV GOEXPERIMENT=${GOEXPERIMENT}
+
 # build SeaweedFS sources; prefer local context but fall back to git clone if context only has docker files
 ARG SOURCE_REF=master
 WORKDIR /go/src/github.com/seaweedfs/seaweedfs
diff --git a/docker/Dockerfile.go_build b/docker/Dockerfile.go_build
index 2d9fe99ce..b723d580e 100644
--- a/docker/Dockerfile.go_build
+++ b/docker/Dockerfile.go_build
@@ -12,6 +12,10 @@ RUN cd /go/src/github.com/seaweedfs/seaweedfs && \
       git checkout $BRANCH) || \
      (echo "ERROR: Branch/commit $BRANCH not found in repository" && \
       echo "Available branches:" && git branch -a && exit 1))
+# Enable FIPS 140-3 compliant crypto by default (Go 1.24+)
+# Set GOEXPERIMENT= (empty) to disable
+ARG GOEXPERIMENT=systemcrypto
+ENV GOEXPERIMENT=${GOEXPERIMENT}
 RUN cd /go/src/github.com/seaweedfs/seaweedfs/weed \
   && export LDFLAGS="-X github.com/seaweedfs/seaweedfs/weed/util/version.COMMIT=$(git rev-parse --short HEAD)" \
   && CGO_ENABLED=0 go install -tags "$TAGS" -ldflags "-extldflags -static ${LDFLAGS}"
diff --git a/docker/Dockerfile.rocksdb_large b/docker/Dockerfile.rocksdb_large
index 1a86b3368..d894fc040 100644
--- a/docker/Dockerfile.rocksdb_large
+++ b/docker/Dockerfile.rocksdb_large
@@ -21,6 +21,9 @@ RUN mkdir -p /go/src/github.com/seaweedfs/
 RUN git clone https://github.com/seaweedfs/seaweedfs /go/src/github.com/seaweedfs/seaweedfs
 ARG BRANCH=master
 RUN cd /go/src/github.com/seaweedfs/seaweedfs && git checkout $BRANCH
+# Enable FIPS 140-3 compliant crypto by default (Go 1.24+)
+ARG GOEXPERIMENT=systemcrypto
+ENV GOEXPERIMENT=${GOEXPERIMENT}
 RUN cd /go/src/github.com/seaweedfs/seaweedfs/weed \
   && export LDFLAGS="-X github.com/seaweedfs/seaweedfs/weed/util/version.COMMIT=$(git rev-parse --short HEAD)" \
   && go install -tags "5BytesOffset rocksdb" -ldflags "-extldflags -static ${LDFLAGS}"
diff --git a/docker/Dockerfile.rocksdb_large_local b/docker/Dockerfile.rocksdb_large_local
index 482cfe18e..bba9f3468 100644
--- a/docker/Dockerfile.rocksdb_large_local
+++ b/docker/Dockerfile.rocksdb_large_local
@@ -1,5 +1,9 @@
 FROM chrislusf/rocksdb_dev_env as builder
 
+# Enable FIPS 140-3 compliant crypto by default (Go 1.24+)
+ARG GOEXPERIMENT=systemcrypto
+ENV GOEXPERIMENT=${GOEXPERIMENT}
+
 # build SeaweedFS
 RUN mkdir -p /go/src/github.com/seaweedfs/
 ADD . /go/src/github.com/seaweedfs/seaweedfs
diff --git a/weed/Makefile b/weed/Makefile
index 38c0d9317..91c06d42b 100644
--- a/weed/Makefile
+++ b/weed/Makefile
@@ -2,6 +2,10 @@ BINARY = weed
 
 SOURCE_DIR = .
 
+# Enable FIPS 140-3 compliant crypto by default (Go 1.24+)
+# Set GOEXPERIMENT= (empty) to disable
+export GOEXPERIMENT ?= systemcrypto
+
 all: install
 
 .PHONY : clean debug_mount