[SERVER-11251] Server should not start with sslMode=noSSL and sslFIPSMode=true Created: 17/Oct/13  Updated: 11/Jul/16  Resolved: 25/Nov/13

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.5.2
Fix Version/s: 2.5.5

Type: Bug Priority: Major - P3
Reporter: Sridhar Nanjundeswaran Assignee: Shaun Verch
Resolution: Done Votes: 0
Labels: 26qa
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Windows 7 Enterprise Build on 2008 R2
Git hash:
mongo - 1ea7e56cb2b8653d4b0453f04728033df34be9e1
enterprise - d919ef07f817832732d2a0a2ec68251bc161193a


Issue Links:
Depends
Duplicate
duplicates SERVER-11248 --ssl should be required if you use ... Closed
Operating System: ALL
Steps To Reproduce:
  • Start mongodb with sslMode=noSSL and sslFIPSMode=true
Participants:

 Description   

Do not expect the server to start but it does. Also in the logs you see
"2013-10-17T19:50:16.574+0000 [initandlisten] options: { config: "config.conf", dbpath: "d:\data\db", ssl:

{ FIPSMode: true, mode: "noSSL" }

}

This should error similar to specifying sslMode=noSSL and specify a PEM key file e.g
Error storing command line: BadValue need to enable SSL via the sslMode flag whenusing SSL configuration parameters



 Comments   
Comment by Githook User [ 25/Nov/13 ]

Author:

{u'username': u'Zarkantho', u'name': u'Shaun Verch', u'email': u'shaun.verch@10gen.com'}

Message: SERVER-11251 Make sure that ssl is enabled when sslFIPSMode is specified
Branch: master
https://github.com/mongodb/mongo/commit/29d0e69a262825891484c2def0788dd89f47dbcb

Comment by Sridhar Nanjundeswaran [ 22/Nov/13 ]

Tested with 11/20 Windows Enterprise.

Server still starts with sslMode=disabled and sslFIPSMode. Other SSL options correctly error out with fix to SERVER-11248.

Comment by Daniel Pasette (Inactive) [ 18/Oct/13 ]

see SERVER-11248

Generated at Thu Feb 08 03:25:18 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.