MCTB tiebreaker fails to start on RHEL with FIPS enabled

Welcome!

An account will enable you to access:
- NetApp support's essential features
- NetApp communities
- NetApp trainings
- Sign in to my account
- Don't have an account?
  Create an account
Learn
Browse

ONTAP Discussions

Ask a Question

1,820 Views

MCTB tiebreaker 1.21P2 fails to start on RHEL 7 with FIPS enabled

When tiebreaker starts:

bad decrypt
139962014652304:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:592:

This seems to indicate an openssl error. Looking at /etc/init.d/netapp-metrocluster-tiebreaker-software

DECR_PASS=$(echo $ENCR_PASS | openssl enc -aes-128-cbc -a -d -salt -pass pass:$KEY)

RHEL docs seem to indicate we need to add -md sha256 to the openssl encrypt and decrypt for it to work in FIPS mode. Where is the decrypt line specified?

0 REPLIES 0

All Community Forums

Blogs
- Tech ONTAP Blogs
- Digital Support
Products and Services
Developer Network
NetApp Learning Services
- NetApp Learning Services Discussions
General Discussion & Community Support

Latest Topics
Unanswered Topics
Start a Discussion

Public