Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-24350

Enabling SSL FIPS mode fails with unexpected error message on Ubuntu 16.04

    XMLWordPrintableJSON

Details

    • Fully Compatible
    • ALL
    • v3.2
    • Platforms 2017-03-27
    • 0

    Description

      Currently, the ssl_fips.js test fails on Ubuntu 16.04. This test attempts to activate FIPS mode and then, if FIPS fails to activate, ensures that the printed error message is consistent with the OS not providing a FIPS module.

      On Ubuntu 14.04, we get the correct error message:

      [js_test:ssl_fips] 2016-06-01T16:46:28.626+0000 d20260| 2016-06-01T16:46:28.626+0000 F NETWORK  [main] can't activate FIPS mode: error:0F06D065:common libcrypto routines:FIPS_mode_set:fips mode not supported
      [js_test:ssl_fips] 2016-06-01T16:46:28.627+0000 d20260| 2016-06-01T16:46:28.626+0000 I -        [main] Fatal Assertion 16703
      

      This message clearly indicates that FIPS is unavailable in OpenSSL.

      On Ubuntu 16.04, the following error message is printed:

      [js_test:ssl_fips] 2016-05-31T20:52:14.797+0000 sh24456| 2016-05-31T20:52:14.796+0000 F NETWORK  [main] can't activate FIPS mode: error:00000000:lib(0):func(0):reason(0)
      [js_test:ssl_fips] 2016-05-31T20:52:14.797+0000 sh24456| 2016-05-31T20:52:14.796+0000 I -        [main] Fatal Assertion 16703
      

      The SSL integration appears to be detecting that FIPS is unavailable, but for some reason OpenSSL is not setting an error code.

      Attachments

        Issue Links

          Activity

            People

              spencer.jackson@mongodb.com Spencer Jackson
              spencer.jackson@mongodb.com Spencer Jackson
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: