DOCSP-33528 Default OpenSSL under FIPS section (#5027) (#5058)

ajhuh-mdb · web-flow · commit 71e4f978726d · 2023-10-13T09:19:28.000-04:00
diff --git a/source/tutorial/configure-fips.txt b/source/tutorial/configure-fips.txt
@@ -245,3 +245,45 @@ Additional Considerations
 .. include:: /includes/extracts/4.2-changes-fips.rst
 
 .. include:: /includes/md5-and-scram-sha-1.rst
+
+Database Tools and FIPS Mode
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Starting in MongoDB 4.2, the following programs no longer support the
+:option:`--sslFIPSMode <mongod --sslFIPSMode>` option:
+
+- :binary:`~bin.mongodump`
+- :binary:`~bin.mongoexport`
+- :binary:`~bin.mongofiles`
+- :binary:`~bin.mongoimport`
+- :binary:`~bin.mongorestore`
+- :binary:`~bin.mongostat`
+- :binary:`~bin.mongotop`
+
+``mongod``, ``mongos``, and FIPS Mode
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If you configure :binary:`~bin.mongod` and :binary:`~bin.mongos` to use
+FIPS mode, ``mongod`` and ``mongos`` use FIPS-compliant connections.
+
+MongoDB Shell and FIPS Mode
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The default :binary:`~bin.mongosh` distribution:
+
+- Contains OpenSSL 3.
+- Uses FIPS-compliant connections to :binary:`~bin.mongod` and
+  :binary:`~bin.mongos` if you configure ``mongod`` and ``mongos`` to
+  use FIPS mode.
+
+MongoDB also provides a MongoDB Shell distribution that can use:
+
+- OpenSSL 1.1 and OpenSSL 3 installed on your server.
+- ``--tlsFIPSMode`` option, which enables the ``mongosh`` FIPS mode.
+
+.. seealso::
+
+   - To download MongoDB Shell distributions that contain OpenSSL 1.1
+     and OpenSSL 3, go to the `MongoDB Download Center
+     <https://www.mongodb.com/try/download/shell?jmp=docs>`__.
+   - :ref:`mdb-shell-install`
