Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-24350

Enabling SSL FIPS mode fails with unexpected error message on Ubuntu 16.04

    • Fully Compatible
    • ALL
    • v3.2
    • Platforms 2017-03-27
    • 0

      Currently, the ssl_fips.js test fails on Ubuntu 16.04. This test attempts to activate FIPS mode and then, if FIPS fails to activate, ensures that the printed error message is consistent with the OS not providing a FIPS module.

      On Ubuntu 14.04, we get the correct error message:

      [js_test:ssl_fips] 2016-06-01T16:46:28.626+0000 d20260| 2016-06-01T16:46:28.626+0000 F NETWORK  [main] can't activate FIPS mode: error:0F06D065:common libcrypto routines:FIPS_mode_set:fips mode not supported
      [js_test:ssl_fips] 2016-06-01T16:46:28.627+0000 d20260| 2016-06-01T16:46:28.626+0000 I -        [main] Fatal Assertion 16703

      This message clearly indicates that FIPS is unavailable in OpenSSL.

      On Ubuntu 16.04, the following error message is printed:

      [js_test:ssl_fips] 2016-05-31T20:52:14.797+0000 sh24456| 2016-05-31T20:52:14.796+0000 F NETWORK  [main] can't activate FIPS mode: error:00000000:lib(0):func(0):reason(0)
      [js_test:ssl_fips] 2016-05-31T20:52:14.797+0000 sh24456| 2016-05-31T20:52:14.796+0000 I -        [main] Fatal Assertion 16703

      The SSL integration appears to be detecting that FIPS is unavailable, but for some reason OpenSSL is not setting an error code.

            spencer.jackson@mongodb.com Spencer Jackson
            spencer.jackson@mongodb.com Spencer Jackson
            0 Vote for this issue
            8 Start watching this issue