Unrecognized option: net.tls.FIPSMode

ecbtfs52 · April 24, 2023, 3:09pm

We are moving to Percona v6 on rhel9 from Community v5 on rhel8. This parameter is fine on community. What am I missing here?

Here is part of the percona config:

# network interfaces
net:
  tls:
    FIPSMode: true
  port: 27017
#  bindIp: 127.0.0.1
  bindIp: 0.0.0.0

Error log

Unrecognized option: net.tls.FIPSMode
try '/usr/bin/mongod --help' for more information

From my community install

test> use admin
switched to db admin
admin> db.version()
5.0.14
admin> db.getSiblingDB("admin").runCommand({getCmdLineOpts: 1}).parsed.net.tls.FIPSMode
true
admin>

Thanks!

ecbtfs52 · April 28, 2023, 4:23pm

Can I get a confirmation from someone with Percona whether Percona for Mongo is FIPS compliant?

Igor_Solodovnikov · May 1, 2023, 2:32pm

Hello @ecbtfs52

Percona Server for MongoDB is based on MongoDB community version. Unfortunately MongoDB removed net.tls.FIPSMode option from MongoDB community version 6.0 (see SERVER-57004).
We will investigate what we can do with this issue.

ecbtfs52 · May 2, 2023, 2:17pm

Thanks for the clarification and the including the link!

Will any progress to toward having this available be posted here? Just looking for a way to track this since from a dod perspective FIPS non-compliance is a Cat 1 security finding.

Thanks

martongaja · July 17, 2023, 7:35am

Hello,
Are there any updates in this matter?
A bug ticket or something we can follow?
Thank you

Igor_Solodovnikov · July 17, 2023, 10:01am

Hello @martongaja and @ecbtfs52
We are tracking this issue in [PSMDB-1281] Enable FIPS on PSMDB 6.0 - Percona JIRA
Please subscribe for notifications on that ticket.