-
Type: Task
-
Resolution: Fixed
-
Priority: Major - P3
-
Affects Version/s: None
-
Labels:None
Downstream Change Summary
With this change, a server running in FIPS mode will have the SCRAM-SHA-1 authentication mechanism disabled by default. It may still be enabled if setParameter.authenticationMechanisms is explicitly set.
Drivers which target MongoDB 4.0 and later are already capable of negotiating protocol and should continue to work without modification after this change.
Description of Linked Ticket
When FIPS mode is enabled, SCRAM-SHA1 should be disabled for intra-cluster authentication or DB user auth.
- documents
-
SERVER-59528 Disable use of SCRAM-SHA1 for intra-cluster authentication or user credentials when net.tls.FIPSMode = true
- Closed