Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-60630

Add back default as a prerequisite to the SetupOpenSSL initializer

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major - P3
    • Resolution: Fixed
    • None
    • 5.1.0-rc0
    • None
    • None
    • Fully Compatible
    • ALL
    • Security 2021-10-18, Security 2021-11-01
    • 144

    Description

      In the "SetupOpenSSL" initializer, it is sometimes possible for the sslGlobalParams.sslFIPSMode variable to have a value of "false" even though the startup option net.tls.FIPSMode is"true" if the initializer happens to execute before the startup option's value has been parsed and stored in sslGlobalParams.sslFIPSMode. This causes the server to skip enabling FIPS mode, or to NOT crash if FIPS is not supported by the crypto library.

      Attachments

        Activity

          People

            erwin.pe@mongodb.com Erwin Pe
            erwin.pe@mongodb.com Erwin Pe
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: