Configuring SSL/TLS FIPS

The Federal Information Processing Standards (FIPS), developed by the National Institute of Standards and Technology (NIST), are a set of standards relating to the security of data and other information technology resources. These standards help protect the confidentiality, integrity, and authenticity of information. FIPS establishes security standards to protect against unauthorized access to data via cyberattacks and other threats.

FIPS sets specific requirements for cybersecurity, such as computer encryption schemes, key generation methods, computer security, and interoperability, among others.

For more information about FIPS, refer to the following:

OpenSSL 3 FIPS certification

National Institute of Standards and Technology FIPS PUB 140-2

OpenSSL FIPS 140-2 Security Policy

fips_module manpage

Enabling SSL/TLS FIPS mode in SingleStoreDB

ssl_fips_mode is an engine variable in SingleStoreDB that is used to enable SSL/TLS FIPS mode on each node. This variable can only be set while the node is offline, and any change to it takes effect on the next start of the node.

Setting ssl_fips_mode to ON enables FIPS mode. FIPS mode sets a stringent limit on which security algorithms are allowed and mandates the use of specific key lengths and hash functions. This makes the node more resistant to external attacks when an SSL/TLS connection is in use.

When ssl_fips_mode is set to ON, certain cryptographic algorithms and hash functions, such as MD5, are disabled because they do not satisfy the standards of FIPS mode.
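Because MD5 is disabled in FIPS mode and the setting only takes effect at the next node start, it is useful to find MD5-signed certificates before the restart. The following is an added example, not SingleStore code: it reads a PEM X.509 certificate and reports whether its signature algorithm is md5WithRSAEncryption. The function names are hypothetical, and the sample certificate is a constructed DER skeleton containing only the fields the check reads.

```python
import base64

# DER bytes of signature-algorithm OIDs whose digest is MD5 (1.2.840.113549.1.1.4).
MD5_SIG_OIDS = {bytes.fromhex("2a864886f70d010104"): "md5WithRSAEncryption"}


def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length


def signature_oid(der):
    """Raw OID bytes of the certificate's outer signatureAlgorithm field."""
    tag, start, _ = read_tlv(der, 0)             # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, tbs_end = read_tlv(der, start)         # skip tbsCertificate
    _, alg_start, _ = read_tlv(der, tbs_end)     # signatureAlgorithm SEQUENCE
    tag, oid_start, oid_end = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("expected an OBJECT IDENTIFIER")
    return der[oid_start:oid_end]


def md5_signed(pem):
    """Return the algorithm name if the PEM certificate is MD5-signed, else None."""
    body = [ln for ln in pem.strip().splitlines() if not ln.startswith("-----")]
    return MD5_SIG_OIDS.get(signature_oid(base64.b64decode("".join(body))))


def constructed_pem(oid_hex):
    """Constructed sample: a DER skeleton with only the fields the check reads."""
    tlv = lambda tag, val: bytes([tag, len(val)]) + val  # short-form lengths only
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(oid_hex)) + tlv(0x05, b""))
    der = tlv(0x30, tlv(0x30, b"") + alg + tlv(0x03, b"\x00"))
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    for label, oid in (("md5", "2a864886f70d010104"), ("sha256", "2a864886f70d01010b")):
        print(label, "->", md5_signed(constructed_pem(oid)) or "no MD5 signature")
```

In practice, pass the contents of each certificate file in the node's TLS chain to md5_signed; the check covers one certificate per PEM input.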

SingleStoreDB uses the OpenSSL FIPS module.

Last modified: June 8, 2023
