Uploaded image for project: 'Documentation'
  1. Documentation
  2. DOCS-14793

[SERVER] Investigate changes in SERVER-59528: Disable use of SCRAM-SHA1 for intra-cluster authentication or user credentials when net.tls.FIPSMode = true

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.1.0-rc0
    • Component/s: manual, Server
    • Labels:
      None

      Description

      Downstream Change Summary

      With this change, a server running in FIPS mode will have the SCRAM-SHA-1 authentication mechanism disabled by default. It may still be enabled if setParameter.authenticationMechanisms is explicitly set.

      Drivers which target MongoDB 4.0 and later are already capable of negotiating protocol and should continue to work without modification after this change.

      Description of Linked Ticket

      When FIPS mode is enabled, SCRAM-SHA1 should be disabled for intra-cluster authentication or DB user auth.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              ian.fogelman Ian Fogelman
              Reporter:
              backlog-server-pm Backlog - Core Eng Program Management Team
              Participants:
              Last commenter:
              Ian Fogelman Ian Fogelman
              Docs Reviewer:
              Joseph Dougherty Joseph Dougherty
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since reply:
                8 weeks, 4 days ago
                Date of 1st Reply: