NetApp Community Update
This site will enter Read Only mode on July 23 as we prepare to move to a new platform. You will still be able to view content, but posting and replying will be temporarily disabled.
We're excited to launch our new Community experience on July 30 and more information will follow soon.
Stay connected during the transition - Join our Discord community today.

ONTAP Discussions

MCTB tiebreaker fails to start on RHEL with FIPS enabled

jhubert
2,185 Views

MCTB tiebreaker 1.21P2 fails to start on RHEL 7 with FIPS enabled

When tiebreaker starts:

bad decrypt
139962014652304:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:592:

 

This seems to indicate an openssl error.  Looking at /etc/init.d/netapp-metrocluster-tiebreaker-software

DECR_PASS=$(echo $ENCR_PASS | openssl enc -aes-128-cbc -a -d -salt -pass pass:$KEY)

 

RHEL docs seem to indicate we need to add -md sha256 to the openssl encrypt and decrypt for it to work in FIPS mode.  Where is the decrypt line specified?

0 REPLIES 0
Public