MySQL Server 8.0.33 Crash when FIPS is enabled only on OS side

On By Mikael HOUNDEGNON GBAIIn MySQL TIPS, Uncategorized

FIPS is Federal Information Processing Standards 140-2 (FIPS 140-2) describes a security standard that can be required by Federal (US Government) agencies for cryptographic modules used to protect sensitive or valuable information. When FIPS is enabled on the Operating System and not enabled in MySQL it crashed with the following error 

2023-07-24T14:32:44.925574Z 4 [System] [MY-013381] [Server] Server upgrade from '80031' to '80033' started. 
2023-07-24T14:33:00.739789Z 4 [System] [MY-013381] [Server] Server upgrade from '80031' to '80033' completed. 
2023-07-24T14:33:00Z UTC - mysqld got signal 11 ; Most likely, you have hit a bug, but this error can also be caused by malfunctioning hardware. BuildID[sha1]=cef737838c777dafe342ff1d39eaa2be8ccfe2e6 Server Version: 8.0.33-25 Percona Server (GPL), Release '25', Revision '60c9e2c5' Thread pointer: 0x0 Attempting backtrace. You can use the following information to find out where mysqld died. If you see no messages after this, something went terribly wrong... stack_bottom = 0 thread_stack 0x100000 
/usr/sbin/mysqld(my_print_stacktrace(unsigned char const*, unsigned long)+0x41) [0x5557780f2041] 
/usr/sbin/mysqld(print_fatal_signal(int)+0x3b3) [0x555777149043] 
/usr/sbin/mysqld(handle_fatal_signal+0xc5) [0x555777149115] /lib/x86_64-linux-gnu/libpthread.so.0(+0x14420) [0x7f0759047420] /lib/x86_64-linux-gnu/libssl.so.1.1(SSL_CTX_get_security_level+0x4) [0x7f0758fd2554] 
/usr/sbin/mysqld(security_level()+0x23) [0x55577718afb3] /usr/sbin/mysqld(do_auto_cert_generation(ssl_artifacts_status, char const**, char const**, char const**)+0x57) [0x5557771924a7] 
/usr/sbin/mysqld(Ssl_init_callback_server_main::provision_certs()+0x72) [0x5557770c3ef2] 
/usr/sbin/mysqld(TLS_channel::singleton_init(Ssl_acceptor_context_container**, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, bool, Ssl_init_callback*, bool)+0x265) [0x5557770c2355] /usr/sbin/mysqld(mysqld_main(int, char**)+0x2ec1) [0x555776e742a1] /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf3) [0x7f07586e0083] 
/usr/sbin/mysqld(_start+0x2e) [0x555776c9364e] 
Please help us make Percona Server better by reporting any bugs at https://bugs.percona.com/ You may download the Percona Server operations manual by visiting http://www.percona.com/software/percona-server/. 
You may find information in the manual which will help you identify the cause of the crash.

How to Check if FIPS is enabled on the OS

uname -a

Solution: the solution is to enable FIPS on MySQL side and start mysql again with FIPS enabled

To enable FIPS, go to /etc/mysql/my.cnf and add the following line:

[mysqld]
ssl_fips_mode = ON

Restart MySQL:

sudo systemctl restart mysql

And then run another upgrade to fix the MySQL packages that didn’t fully install:

sudo apt upgrade

Leave a comment