FIPS Environment (RHEL/OCP) - Python3 pymongo with Amazon DocumentDB v5: "Unsupported mechanism" & "[digital envelope routines] unsupported"

Solution Verified - Updated -

Issue

Attempted MongoDB connection string: client = pymongo.MongoClient("mongodb://userName" + urllib.parse.quote("password") + "@clusterName.us-east-2.docdb.amazonaws.com:27017/?tls=true&authMechanism=SCRAM-SHA-256&tlsCAFile=global-bundle.pem&replicaSet=rs0&readPreference=secondaryPreferred&retryWrites=false")

  • Returns this error: pymongo.errors.OperationFailure: Unsupported mechanism [ -301 ], full error: {'ok': 0, 'code': -301, 'supportedMechanisms': ['SCRAM-SHA-1', 'MONGODB-AWS'], 'errmsg': 'Unsupported mechanism [ -301 ]', 'operationTime': Timestamp(1735362859, 1)}

  • Attempts to use SCRAM-SHA-1 as the authMechanism returns the error: _password_digest md5hash = hashlib.md5() _hashlib.UnsupportedDigestmodError: [digital envelope routines] unsupported

  • Attempts to create a new MongoDB user using db.createUser({ user: "testuser", pwd: passwordPrompt(), mechanisms: ["SCRAM-SHA-256"], roles: [ { db: "admin", role: "readWriteAnyDatabase" } ]}); returns the error: MongoServerError: Mechanism SCRAM-SHA-256 not supported

Environment

  • OpenShift Container Platform 4 with FIPS enabled
    • UBI 8/9 image
  • RHEL/Fedora based system with FIPS enabled
  • Amazon DocumentDB v5 (AWS's MongoDB alternative)
  • Python 3

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content