Skip to content

Commit 71e4f97

Browse files
authored
DOCSP-33528 Default OpenSSL under FIPS section (#5027) (#5058)
1 parent f42b9f8 commit 71e4f97

File tree

1 file changed

+42
-0
lines changed

1 file changed

+42
-0
lines changed

source/tutorial/configure-fips.txt

Lines changed: 42 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -245,3 +245,45 @@ Additional Considerations
245245
.. include:: /includes/extracts/4.2-changes-fips.rst
246246

247247
.. include:: /includes/md5-and-scram-sha-1.rst
248+
249+
Database Tools and FIPS Mode
250+
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
251+
252+
Starting in MongoDB 4.2, the following programs no longer support the
253+
:option:`--sslFIPSMode <mongod --sslFIPSMode>` option:
254+
255+
- :binary:`~bin.mongodump`
256+
- :binary:`~bin.mongoexport`
257+
- :binary:`~bin.mongofiles`
258+
- :binary:`~bin.mongoimport`
259+
- :binary:`~bin.mongorestore`
260+
- :binary:`~bin.mongostat`
261+
- :binary:`~bin.mongotop`
262+
263+
``mongod``, ``mongos``, and FIPS Mode
264+
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
265+
266+
If you configure :binary:`~bin.mongod` and :binary:`~bin.mongos` to use
267+
FIPS mode, ``mongod`` and ``mongos`` use FIPS-compliant connections.
268+
269+
MongoDB Shell and FIPS Mode
270+
~~~~~~~~~~~~~~~~~~~~~~~~~~~
271+
272+
The default :binary:`~bin.mongosh` distribution:
273+
274+
- Contains OpenSSL 3.
275+
- Uses FIPS-compliant connections to :binary:`~bin.mongod` and
276+
:binary:`~bin.mongos` if you configure ``mongod`` and ``mongos`` to
277+
use FIPS mode.
278+
279+
MongoDB also provides a MongoDB Shell distribution that can use:
280+
281+
- OpenSSL 1.1 and OpenSSL 3 installed on your server.
282+
- ``--tlsFIPSMode`` option, which enables the ``mongosh`` FIPS mode.
283+
284+
.. seealso::
285+
286+
- To download MongoDB Shell distributions that contain OpenSSL 1.1
287+
and OpenSSL 3, go to the `MongoDB Download Center
288+
<https://www.mongodb.com/try/download/shell?jmp=docs>`__.
289+
- :ref:`mdb-shell-install`

0 commit comments

Comments
 (0)