[DOCS-14793] [SERVER] Investigate changes in SERVER-59528: Disable use of SCRAM-SHA1 for intra-cluster authentication or user credentials when net.tls.FIPSMode = true Created: 14/Sep/21  Updated: 13/Nov/23  Resolved: 17/Nov/21

Status: Closed
Project: Documentation
Component/s: manual, Server
Affects Version/s: None
Fix Version/s: 5.1.0-rc0, Server_Docs_20231030, Server_Docs_20231106, Server_Docs_20231105, Server_Docs_20231113

Type: Task Priority: Major - P3
Reporter: Backlog - Core Eng Program Management Team Assignee: Ian Fogelman
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Documented
documents SERVER-59528 Disable use of SCRAM-SHA1 for intra-c... Closed
Participants:
Days since reply: 2 years, 12 weeks ago
Epic Link: DOCSP-14300
Story Points: 3

 Description   
Downstream Change Summary

With this change, a server running in FIPS mode will have the SCRAM-SHA-1 authentication mechanism disabled by default. It may still be enabled if setParameter.authenticationMechanisms is explicitly set.

Drivers which target MongoDB 4.0 and later are already capable of negotiating protocol and should continue to work without modification after this change.

Description of Linked Ticket

When FIPS mode is enabled, SCRAM-SHA1 should be disabled for intra-cluster authentication or DB user auth.



 Comments   
Comment by Githook User [ 17/Nov/21 ]

Author:

{'name': 'ian fogelman', 'email': 'ian.fogelman@mongodb.com', 'username': 'ianf-mongodb'}

Message: DOCS-14793 FIPS mode default behavior update
Branch: master
https://github.com/mongodb/docs/commit/d503c89071dcef52d238cbdc49974ad4c4e70f1f

Comment by PM Bot [ 14/Sep/21 ]

Downstream changes updated for upstream SERVER-59528:
With this change, a server running in FIPS mode will have the SCRAM-SHA-1 authentication mechanism disabled by default. It may still be enabled if setParameter.authenticationMechanisms is explicitly set.

Drivers which target MongoDB 4.0 and later are already capable of negotiating protocol and should continue to work without modification after this change.

Generated at Thu Feb 08 08:11:12 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.