ONTAP Discussions

MCTB tiebreaker fails to start on RHEL with FIPS enabled

jhubert

MCTB tiebreaker 1.21P2 fails to start on RHEL 7 with FIPS enabled

When tiebreaker starts:

bad decrypt
139962014652304:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:592:

 

This seems to indicate an openssl error.  Looking at /etc/init.d/netapp-metrocluster-tiebreaker-software

DECR_PASS=$(echo $ENCR_PASS | openssl enc -aes-128-cbc -a -d -salt -pass pass:$KEY)

 

RHEL docs seem to indicate we need to add -md sha256 to the openssl encrypt and decrypt for it to work in FIPS mode.  Where is the decrypt line specified?

Earn Rewards for Your Review!
GPI Review Banner
All Community Forums
Public