@@ -245,3 +245,45 @@ Additional Considerations
245
245
.. include:: /includes/extracts/4.2-changes-fips.rst
246
246
247
247
.. include:: /includes/md5-and-scram-sha-1.rst
248
+
249
+ Database Tools and FIPS Mode
250
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
251
+
252
+ Starting in MongoDB 4.2, the following programs no longer support the
253
+ :option:`--sslFIPSMode <mongod --sslFIPSMode>` option:
254
+
255
+ - :binary:`~bin.mongodump`
256
+ - :binary:`~bin.mongoexport`
257
+ - :binary:`~bin.mongofiles`
258
+ - :binary:`~bin.mongoimport`
259
+ - :binary:`~bin.mongorestore`
260
+ - :binary:`~bin.mongostat`
261
+ - :binary:`~bin.mongotop`
262
+
263
+ ``mongod``, ``mongos``, and FIPS Mode
264
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
265
+
266
+ If you configure :binary:`~bin.mongod` and :binary:`~bin.mongos` to use
267
+ FIPS mode, ``mongod`` and ``mongos`` use FIPS-compliant connections.
268
+
269
+ MongoDB Shell and FIPS Mode
270
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
271
+
272
+ The default :binary:`~bin.mongosh` distribution:
273
+
274
+ - Contains OpenSSL 3.
275
+ - Uses FIPS-compliant connections to :binary:`~bin.mongod` and
276
+ :binary:`~bin.mongos` if you configure ``mongod`` and ``mongos`` to
277
+ use FIPS mode.
278
+
279
+ MongoDB also provides a MongoDB Shell distribution that can use:
280
+
281
+ - OpenSSL 1.1 and OpenSSL 3 installed on your server.
282
+ - ``--tlsFIPSMode`` option, which enables the ``mongosh`` FIPS mode.
283
+
284
+ .. seealso::
285
+
286
+ - To download MongoDB Shell distributions that contain OpenSSL 1.1
287
+ and OpenSSL 3, go to the `MongoDB Download Center
288
+ <https://www.mongodb.com/try/download/shell?jmp=docs>`__.
289
+ - :ref:`mdb-shell-install`
0 commit comments