diff -Nru mysql-8.0-8.0.29/debian/changelog mysql-8.0-8.0.29/debian/changelog
--- mysql-8.0-8.0.29/debian/changelog 2022-05-04 14:36:15.000000000 +0200
+++ mysql-8.0-8.0.29/debian/changelog 2022-05-27 13:10:47.000000000 +0200
@@ -1,3 +1,10 @@
+mysql-8.0 (8.0.29-0ubuntu0.20.04.4) focal; urgency=medium
+
+ * debian/patches/detect_fips.patch: Enable ssl_fips_mode by default
+ when running on a fips kernel (LP: #1971788)
+
+ -- Tobias Heider Fri, 27 May 2022 13:10:47 +0200
+
 mysql-8.0 (8.0.29-0ubuntu0.20.04.3) focal-security; urgency=medium
 
 * SECURITY REGRESSION: 8.0.29 breaks existing charm configurations
diff -Nru mysql-8.0-8.0.29/debian/patches/detect_fips.patch mysql-8.0-8.0.29/debian/patches/detect_fips.patch
--- mysql-8.0-8.0.29/debian/patches/detect_fips.patch 1970-01-01 01:00:00.000000000 +0100
+++ mysql-8.0-8.0.29/debian/patches/detect_fips.patch 2022-05-27 13:10:47.000000000 +0200
@@ -0,0 +1,59 @@
+Index: mysql-8.0-8.0.29/vio/viosslfactories.cc
+===================================================================
+--- mysql-8.0-8.0.29.orig/vio/viosslfactories.cc
++++ mysql-8.0-8.0.29/vio/viosslfactories.cc
+@@ -25,6 +25,7 @@
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
+ 
++#include
+ #include
+ #include
+ 
+@@ -473,6 +474,20 @@ void ssl_start() {
+ }
+ 
+ /**
++ Check if kernel is running in FIPS enabled mode
++
++ @retval
++ 0 Off
++ @ retbal
++ 1 On
++*/
++static bool detect_fips_kernel() {
++ std::ifstream procfile("/proc/sys/crypto/fips_enabled");
++ if (!procfile.is_open()) return false;
++ return (procfile.get() == '1');
++}
++
++/**
+ Set fips mode in openssl library,
+ When we set fips mode ON/STRICT, it will perform following operations:
+ 1. Check integrity of openssl library
+@@ -492,17 +507,22 @@ void ssl_start() {
+ */
+ int set_fips_mode(const uint fips_mode, char err_string[OPENSSL_ERROR_LENGTH]) {
+ int rc = -1;
+- unsigned int fips_mode_old = -1;
++ unsigned int fips_mode_old = -1, fips_mode_new;
+ unsigned long err_library = 0;
+ if (fips_mode > 2) {
+ goto EXIT;
+ }
++ if (fips_mode == 0 && detect_fips_kernel())
++ fips_mode_new = 1;
++ else
++ fips_mode_new = fips_mode;
++
+ fips_mode_old = FIPS_mode();
+- if (fips_mode_old == fips_mode) {
++ if (fips_mode_old == fips_mode_new) {
+ rc = 1;
+ goto EXIT;
+ }
+- if (!(rc = FIPS_mode_set(fips_mode))) {
++ if (!(rc = FIPS_mode_set(fips_mode_new))) {
+ /*
+ If OS doesn't have FIPS enabled openssl library and user sets FIPS mode
+ ON, It fails with proper error. But in the same time it doesn't allow to
diff -Nru mysql-8.0-8.0.29/debian/patches/series mysql-8.0-8.0.29/debian/patches/series
--- mysql-8.0-8.0.29/debian/patches/series 2022-05-04 14:34:37.000000000 +0200
+++ mysql-8.0-8.0.29/debian/patches/series 2022-05-27 13:10:33.000000000 +0200
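Review bot: The kernel override in set_fips_mode fires on `fips_mode == 0`, which is indistinguishable here from an administrator who deliberately configured the mode OFF, and only the local `fips_mode_new` changes, so unless the caller outside this hunk writes the effective value back, the server variable will presumably still report OFF while OpenSSL runs in FIPS mode; the promotion should be logged, and the comment above set_fips_mode (cut at the hunk boundary) should state that a FIPS-enabled kernel promotes OFF to ON. In detect_fips_kernel the Doxygen block has `@ retbal` for `@retval` and documents 0/1 for a function returning `bool`; `@retval false kernel FIPS mode is off, or /proc/sys/crypto/fips_enabled could not be opened` and `@retval true kernel FIPS mode is on` matches the code. `fips_mode_new` is left uninitialized on `unsigned int fips_mode_old = -1, fips_mode_new;`; `unsigned int fips_mode_new = fips_mode;` followed by `if (fips_mode == 0 && detect_fips_kernel()) fips_mode_new = 1;` drops the else branch and the uninitialized window. Whether a failing `FIPS_mode_set(1)` on a FIPS kernel paired with a non-FIPS OpenSSL aborts startup or is downgraded depends on the error path after the hunk, which is not visible here.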
@@ -7,3 +7,4 @@
 fix_path_mysql_keyring_encryption_test.patch
 disable_root_files.patch
 lp1971565.patch
+detect_fips.patch