https://community.netapp.com/t5/ONTAP-Discussions/MCTB-tiebreaker-fails-to-start-on-RHEL-with-FIPS-enabled/m-p/152328#M33913 <P>MCTB tiebreaker 1.21P2 fails to start on RHEL 7 with FIPS enabled</P> <P>When tiebreaker starts:</P> <P>bad decrypt<BR />139962014652304:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:592:</P> <P>&nbsp;</P> <P>This seems to indicate an openssl error.&nbsp; Looking at&nbsp;/etc/init.d/netapp-metrocluster-tiebreaker-software</P> <P>DECR_PASS=$(echo $ENCR_PASS | openssl enc -aes-128-cbc -a -d -salt -pass pass:$KEY)</P> <P>&nbsp;</P> <P>RHEL docs seem to indicate we need to add -md sha256 to the openssl encrypt and decrypt for it to work in FIPS mode.&nbsp; Where is the decrypt line specified?</P> Wed, 04 Jun 2025 12:08:34 GMT jhubert 2025-06-04T12:08:34Z https://community.netapp.com/t5/ONTAP-Discussions/MCTB-tiebreaker-fails-to-start-on-RHEL-with-FIPS-enabled/m-p/152328#M33913 <P>MCTB tiebreaker 1.21P2 fails to start on RHEL 7 with FIPS enabled</P> <P>When tiebreaker starts:</P> <P>bad decrypt<BR />139962014652304:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:592:</P> <P>&nbsp;</P> <P>This seems to indicate an openssl error.&nbsp; Looking at&nbsp;/etc/init.d/netapp-metrocluster-tiebreaker-software</P> <P>DECR_PASS=$(echo $ENCR_PASS | openssl enc -aes-128-cbc -a -d -salt -pass pass:$KEY)</P> <P>&nbsp;</P> <P>RHEL docs seem to indicate we need to add -md sha256 to the openssl encrypt and decrypt for it to work in FIPS mode.&nbsp; Where is the decrypt line specified?</P> Wed, 04 Jun 2025 12:08:34 GMT https://community.netapp.com/t5/ONTAP-Discussions/MCTB-tiebreaker-fails-to-start-on-RHEL-with-FIPS-enabled/m-p/152328#M33913 jhubert 2025-06-04T12:08:34Z