Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Done
Priority: Major - P3
Fix Version/s: 3.2.0-rc2
Affects Version/s: 3.0.7
Component/s: Security
Labels:
None

Backwards Compatibility:
Fully Compatible
Sprint:
Security B 10/30/15, Security C 11/20/15
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

AES-CBC encryption requires IVs which are random and unpredictable. Using OpenSSL to generate these values ensures both that these properties will hold, and that a FIPS compliant PRNG is used when operating in FIPS mode.

This change will only effect the ESE components, and more wide scale restructuring of random number generation is discussed in SERVER-21253.

is related to

SERVER-9058 Use FIPS-140-2 Approved Pseudorandom Number Generator for SecureRandom

Backlog

related to

SERVER-21253 Improve structure and functionality of random number generation classes

Backlog

Assignee:: Spencer Jackson
Reporter:: Andreas Nilsson (Inactive)
Participants:: Andreas Nilsson, Andrew Morrow, Githook User, Spencer Jackson
Votes:: 0 Vote for this issue
Watchers:: 6 Start watching this issue

Created:: Oct 14 2015 03:04:03 PM UTC
Updated:: Nov 05 2015 10:11:42 PM UTC
Resolved:: Nov 02 2015 06:23:36 PM UTC
Confidence Status Last Update:: 27/Oct/15 2:31 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates