> have mysql detect a fips environment and auto-adjust?
This seems to be the best solution in terms of UX. I think auto-switching to SSL + fips mode is always better than failing with a cryptic OpenSSL error from a user's point of view.
The attached fix makes both client and server detect if they are running in a FIPS environment (by checking /proc/sys/crypto/fips_enabled) and switches to SSL/fips mode if so.
> have mysql detect a fips environment and auto-adjust?
This seems to be the best solution in terms of UX. I think auto-switching to SSL + fips mode is always better than failing with a cryptic OpenSSL error from a user's point of view.
The attached fix makes both client and server detect if they are running in a FIPS environment (by checking /proc/sys/ crypto/ fips_enabled) and switches to SSL/fips mode if so.