diff --git a/deny.toml b/deny.toml
index 24802969c..bd1b6fc8a 100644
--- a/deny.toml
+++ b/deny.toml
@@ -2,7 +2,9 @@
 unlicensed = "deny"
 allow = ["Apache-2.0", "Apache-2.0 WITH LLVM-exception", "MIT", "BSD-3-Clause", "BSD-2-Clause", "Unicode-DFS-2016"]
 
-[bans]
+[[bans.deny]]
+# We want to require FIPS validation downstream, so we use openssl
+name = "ring"
 
 [sources]
 unknown-registry = "deny"