[SERVER-60630] Add back default as a prerequisite to the SetupOpenSSL initializer Created: 12/Oct/21 Updated: 29/Oct/23 Resolved: 19/Oct/21 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 5.1.0-rc0 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Erwin Pe | Assignee: | Erwin Pe |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Backwards Compatibility: | Fully Compatible | ||||
| Operating System: | ALL | ||||
| Sprint: | Security 2021-10-18, Security 2021-11-01 | ||||
| Participants: | |||||
| Linked BF Score: | 144 | ||||
| Description |
|
In the "SetupOpenSSL" initializer, it is sometimes possible for the sslGlobalParams.sslFIPSMode variable to have a value of "false" even though the startup option net.tls.FIPSMode is"true" if the initializer happens to execute before the startup option's value has been parsed and stored in sslGlobalParams.sslFIPSMode. This causes the server to skip enabling FIPS mode, or to NOT crash if FIPS is not supported by the crypto library. |
| Comments |
| Comment by Githook User [ 19/Oct/21 ] |
|
Author: {'name': 'Erwin Pe', 'email': 'erwin.pe@mongodb.com', 'username': 'erwee'}Message: |