Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-20919

Use OpenSSL to generate IVs

    XMLWordPrintableJSON

Details

    • Icon: Improvement Improvement
    • Resolution: Done
    • Icon: Major - P3 Major - P3
    • 3.2.0-rc2
    • 3.0.7
    • Security
    • None
    • Fully Compatible
    • Security B 10/30/15, Security C 11/20/15

    Description

      AES-CBC encryption requires IVs which are random and unpredictable. Using OpenSSL to generate these values ensures both that these properties will hold, and that a FIPS compliant PRNG is used when operating in FIPS mode.

      This change will only effect the ESE components, and more wide scale restructuring of random number generation is discussed in SERVER-21253.

      Attachments

        Activity

          People

            spencer.jackson@mongodb.com Spencer Jackson
            andreas.nilsson Andreas Nilsson
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: