ONTAP Discussions

MCTB tiebreaker fails to start on RHEL with FIPS enabled


MCTB tiebreaker 1.21P2 fails to start on RHEL 7 with FIPS enabled

When tiebreaker starts:

bad decrypt
139962014652304:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:592:


This seems to indicate an openssl error.  Looking at /etc/init.d/netapp-metrocluster-tiebreaker-software

DECR_PASS=$(echo $ENCR_PASS | openssl enc -aes-128-cbc -a -d -salt -pass pass:$KEY)


RHEL docs seem to indicate we need to add -md sha256 to the openssl encrypt and decrypt for it to work in FIPS mode.  Where is the decrypt line specified?

NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.