AES-CBC encryption requires IVs which are random and unpredictable. Using OpenSSL to generate these values ensures both that these properties will hold, and that a FIPS compliant PRNG is used when operating in FIPS mode.
This change will only effect the ESE components, and more wide scale restructuring of random number generation is discussed in SERVER-21253.
- is related to
-
SERVER-9058 Use FIPS-140-2 Approved Pseudorandom Number Generator for SecureRandom
-
- Backlog
-
- related to
-
SERVER-21253 Improve structure and functionality of random number generation classes
-
- Backlog
-