0

I'd like to enable the FIPS mode of my MySQL 8.0.36 community server instance running on Windows. I know the ssl_fips_mode option has been deprecated as of MySQL 8.0.34 but it should still work in MySQL 8.0.36.

When I put

ssl_fips_mode=ON

into the my.ini file, the MySQL server refuses to start, giving me the following error:

[ERROR] [MY-011272] [Server] SSL fips mode error: error:12800067:DSO support routines::could not load the shared library

I assume this is because the OpenSSL FIPS Object Module is required but not included in my MySQL installation.

My MySQL installation comes with OpenSSL 3.0.12:

mysql> show status like '%Tls_library_version%';

OpenSSL 3.0.12 24 Oct 2023

What needs to be done to enable the FIPS mode in this scenario? Is there a MySQL download that comes with all required modules and libraries? I do not want to compile MySQL myself.

Thanks, Uwe

Improve this question
4
  • No it needs to be compiled against the OpenSSL library version that is certified for FIPS, 3.0 or 1.0.2. dev.mysql.com/doc/refman/8.3/en/fips-mode.html
    – Greg Askew
    Commented Apr 12 at 12:18
  • Do you know if Oracle provides pre-compiled MySQL FIPS packages?
    – uwe
    Commented Apr 12 at 13:39
  • The error message I mentioned in my questions is due to a bug in MySQL 8.0.34+, see Bug 35827938 : server will not start with ssl_fips_mode set (Oracle account needed). If MySQL 8.0.33 is used, the error messages changes to SSL fips mode error: error:0F06D065:common libcrypto routines:FIPS_mode_set:fips mode not supported. My question remains the same, though.
    – uwe
    Commented Apr 22 at 7:30
  • Sounds like it is complaining about support for the underlying platform.
    – Greg Askew
    Commented Apr 22 at 7:53

0

Reset to default

You must log in to answer this question.

Browse other questions tagged .