[DOCS-16095] [SERVER] OpenSSL 3.0 FIPS Created: 04/May/23 Updated: 13/Nov/23 Resolved: 26/Jul/23 |
|
| Status: | Closed |
| Project: | Documentation |
| Component/s: | manual, Server |
| Affects Version/s: | None |
| Fix Version/s: | 7.1.0-rc0, 7.0.0-rc1, 6.0.7, 5.0.23, Server_Docs_20231106, Server_Docs_20231105, Server_Docs_20231113 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Backlog - Core Eng Program Management Team | Assignee: | Ian Fogelman |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||
| Participants: | |||||||||||||||||
| Days since reply: | 39 weeks ago | ||||||||||||||||
| Description |
|
ORIGINAL SUMMARY: Investigate changes in Original Downstream Change Summary MongoDB FIPS mode is not supported on MongoDB 6.0.x with OpenSSL 3. This ticket fixes that (when backported). This affects only Ubuntu 22.04, RHEL 9 and Amazon Linux 2023. Description of Linked TicketMongoDB does not support OpenSSL 3.0 FIPS due to a breaking API change by OpenSSL in the 3.0 release. As per the Open SSL documentation, https://www.openssl.org/docs/man3.0/man7/migration_guide.html -
This OpenSSL FIPS check in the build system (https://github.com/mongodb/mongo/blob/04e2094cff720a2f75f92f9f95b53422524740c7/src/mongo/util/net/openssl_init.cpp#L149-L165) is conditional on a function that was removed in OpenSSL 3.0 This was not caught in our existing test cases because we have no test cases that assert that MongoDB OpenSSL FIPS support works on platforms that have OpenSSL FIPS module support. We do have a test that ensures log lines match either positive or negative expected values though. The test does not know what log line is expected on which platform though. |
| Comments |
| Comment by Ashley Brown [ 10/May/23 ] |
|
Please backport to 6.0. |