This enables configuring FIPS mode at runtime without the need for a custom build.

Issue: #4442
author: Nick Vatamaniuc <vatamane@gmail.com> 2023-02-24 18:16:19 -0500
committer: Nick Vatamaniuc <nickva@users.noreply.github.com> 2023-02-27 15:34:30 -0500
commit: 54879f9a5d093b8000d64070e7de323e155f2a2a (patch)
tree: ba09118fcd04b228e78e2053746cca64af175611 /rel/overlay
parent: f677dd5e8f5276c5dff8d48b4df5494d74df4748 (diff)
download: couchdb-54879f9a5d093b8000d64070e7de323e155f2a2a.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/rel/overlay/etc/vm.args b/rel/overlay/etc/vm.args
index 2c011e405..174fba1c5 100644
--- a/rel/overlay/etc/vm.args
+++ b/rel/overlay/etc/vm.args
@@ -99,3 +99,14 @@
 #-proto_dist couch
 #-couch_dist no_tls '"clouseau@127.0.0.1"'
 #-ssl_dist_optfile <path/to/couch_ssl_dist.conf>
+
+# Enable FIPS mode
+#   https://www.erlang.org/doc/apps/crypto/fips.html
+#   Ensure that:
+#    - Erlang is built with --enable-fips configuration option
+#    - Crypto library (e.g. OpenSSL) supports this mode
+#
+# When the mode is successfully enabled "Welcome" message should show `fips`
+# in the features list.
+#
+#-crypto fips_mode true
author	Nick Vatamaniuc <vatamane@gmail.com>	2023-02-24 18:16:19 -0500
committer	Nick Vatamaniuc <nickva@users.noreply.github.com>	2023-02-27 15:34:30 -0500
commit	54879f9a5d093b8000d64070e7de323e155f2a2a (patch)
tree	ba09118fcd04b228e78e2053746cca64af175611 /rel/overlay
parent	f677dd5e8f5276c5dff8d48b4df5494d74df4748 (diff)
download	couchdb-54879f9a5d093b8000d64070e7de323e155f2a2a.tar.gz