[SERVER-60630] Add back default as a prerequisite to the SetupOpenSSL initializer - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 5.1.0-rc0
Component/s: None
Labels:
None

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Sprint:
Security 2021-10-18, Security 2021-11-01
Linked BF Score:
144

Description

In the "SetupOpenSSL" initializer, it is sometimes possible for the sslGlobalParams.sslFIPSMode variable to have a value of "false" even though the startup option net.tls.FIPSMode is"true" if the initializer happens to execute before the startup option's value has been parsed and stored in sslGlobalParams.sslFIPSMode. This causes the server to skip enabling FIPS mode, or to NOT crash if FIPS is not supported by the crypto library.

Attachments

Activity

People

Assignee:: Erwin Pe

Reporter:: Erwin Pe

Participants:: Erwin Pe, Githook User

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: Oct 12 2021 08:19:43 PM UTC

Updated:: Oct 19 2021 05:32:33 PM UTC

Resolved:: Oct 19 2021 05:32:33 PM UTC