Details
- New Feature
- Status: Closed
- Major
- Resolution: Won't Fix
Description
MySQL 8.0 added the ssl_fips_mode system variable, which allows MySQL to run in FIPS mode:
ssl_fips_mode
Property: Value
Command-Line Format: --ssl-fips-mode={OFF|ON|STRICT}
Introduced: 8.0.11
System Variable: ssl_fips_mode
Scope: Global
Dynamic: Yes
SET_VAR Hint Applies: No
Type: Enumeration
Default Value: OFF
Valid Values: OFF (or 0), ON (or 1), STRICT (or 2)
Controls whether to enable FIPS mode on the server side. The ssl_fips_mode system variable differs from other --ssl-xxx options in that it is not used to control whether the server permits encrypted connections, but rather to affect which cryptographic operations are permitted. See Section 6.5, “FIPS Support”.
These ssl_fips_mode values are permitted:
OFF (or 0): Disable FIPS mode.
ON (or 1): Enable FIPS mode.
STRICT (or 2): Enable “strict” FIPS mode.
https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html#sysvar_ssl_fips_mode
https://dev.mysql.com/doc/refman/8.0/en/fips-mode.html
Currently, to use FIPS mode in MariaDB, you have to enable it at the kernel level by following a process like the ones listed here:
Should we port ssl_fips_mode from MySQL, so our users can enable FIPS mode without changing kernel parameters?
Relevant MySQL commits:
https://github.com/mysql/mysql-server/commit/bc4036a6bb148c340aa37b583be5ef3b696f8d9c
https://github.com/mysql/mysql-server/commit/72ea3f61675033e16a0d13651b67695b85d88824
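
An added example (not part of the original issue, and not MySQL or MariaDB code): a small Python audit helper that reads ssl_fips_mode from the [mysqld] group of a MySQL 8.0 option file, normalizing the permitted values quoted above, and interprets the Linux kernel FIPS flag. The function names, the sample option file and the choice to read only the [mysqld] group are assumptions made for illustration; /proc/sys/crypto/fips_enabled is the usual Linux location of the kernel flag.

```python
import re

# Permitted values from the quoted MySQL documentation, with numeric aliases.
FIPS_VALUES = {"OFF": "OFF", "0": "OFF", "ON": "ON", "1": "ON",
               "STRICT": "STRICT", "2": "STRICT"}

def configured_fips_mode(option_file_text):
    """Return the ssl_fips_mode set in [mysqld] of a MySQL 8.0 option file.

    Returns the documented default OFF when unset and raises ValueError
    for a value outside the permitted set.
    """
    mode, section = "OFF", None
    for raw in option_file_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "mysqld" or "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        # Option names accept dashes and underscores interchangeably.
        if name.lower().replace("-", "_") != "ssl_fips_mode":
            continue
        key = value.strip("'\"").upper()
        if key not in FIPS_VALUES:
            raise ValueError(f"invalid ssl_fips_mode value: {value!r}")
        mode = FIPS_VALUES[key]               # a later setting overrides an earlier one
    return mode

def kernel_fips_enabled(flag_text):
    """Interpret the contents of /proc/sys/crypto/fips_enabled (Linux)."""
    return flag_text.strip() == "1"

# Constructed sample option file, not taken from the issue.
SAMPLE_CNF = """\
[client]
ssl-fips-mode = OFF
[mysqld]
port = 3306
ssl-fips-mode = 2   # numeric alias for STRICT
"""

if __name__ == "__main__":
    print("ssl_fips_mode:", configured_fips_mode(SAMPLE_CNF))
    print("kernel FIPS:", kernel_fips_enabled("1\n"))
```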
Issue Links
- is blocked by
  - MDEV-27729 test with FIPS mode in buildbot (Closed)
- relates to
  - MDEV-19475 Add support for OpenSSL configuration files (Closed)