Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-60630

Add back default as a prerequisite to the SetupOpenSSL initializer

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.1.0-rc0
    • Component/s: None
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL
    • Sprint:
      Security 2021-10-18, Security 2021-11-01
    • Linked BF Score:
      144

      Description

      In the "SetupOpenSSL" initializer, it is sometimes possible for the sslGlobalParams.sslFIPSMode variable to have a value of "false" even though the startup option net.tls.FIPSMode is"true" if the initializer happens to execute before the startup option's value has been parsed and stored in sslGlobalParams.sslFIPSMode. This causes the server to skip enabling FIPS mode, or to NOT crash if FIPS is not supported by the crypto library.

        Attachments

          Activity

            People

            Assignee:
            erwin.pe Erwin Pe
            Reporter:
            erwin.pe Erwin Pe
            Participants:
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: