Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-24350

Enabling SSL FIPS mode fails with unexpected error message on Ubuntu 16.04

    XMLWordPrintable

    Details

    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL
    • Backport Requested:
      v3.2
    • Sprint:
      Platforms 2017-03-27
    • Linked BF Score:
      0

      Description

      Currently, the ssl_fips.js test fails on Ubuntu 16.04. This test attempts to activate FIPS mode and then, if FIPS fails to activate, ensures that the printed error message is consistent with the OS not providing a FIPS module.

      On Ubuntu 14.04, we get the correct error message:

      [js_test:ssl_fips] 2016-06-01T16:46:28.626+0000 d20260| 2016-06-01T16:46:28.626+0000 F NETWORK  [main] can't activate FIPS mode: error:0F06D065:common libcrypto routines:FIPS_mode_set:fips mode not supported
      [js_test:ssl_fips] 2016-06-01T16:46:28.627+0000 d20260| 2016-06-01T16:46:28.626+0000 I -        [main] Fatal Assertion 16703
      

      This message clearly indicates that FIPS is unavailable in OpenSSL.

      On Ubuntu 16.04, the following error message is printed:

      [js_test:ssl_fips] 2016-05-31T20:52:14.797+0000 sh24456| 2016-05-31T20:52:14.796+0000 F NETWORK  [main] can't activate FIPS mode: error:00000000:lib(0):func(0):reason(0)
      [js_test:ssl_fips] 2016-05-31T20:52:14.797+0000 sh24456| 2016-05-31T20:52:14.796+0000 I -        [main] Fatal Assertion 16703
      

      The SSL integration appears to be detecting that FIPS is unavailable, but for some reason OpenSSL is not setting an error code.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: