Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-20919

Use OpenSSL to generate IVs

    • Type: Icon: Improvement Improvement
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 3.2.0-rc2
    • Affects Version/s: 3.0.7
    • Component/s: Security
    • None
    • Fully Compatible
    • Security B 10/30/15, Security C 11/20/15

      AES-CBC encryption requires IVs which are random and unpredictable. Using OpenSSL to generate these values ensures both that these properties will hold, and that a FIPS compliant PRNG is used when operating in FIPS mode.

      This change will only effect the ESE components, and more wide scale restructuring of random number generation is discussed in SERVER-21253.

            Assignee:
            spencer.jackson@mongodb.com Spencer Jackson
            Reporter:
            andreas.nilsson Andreas Nilsson
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: