MCTB tiebreaker fails to start on RHEL with FIPS enabled

Welcome!

An account will enable you to access:
- NetApp support's essential features
- NetApp communities
- NetApp trainings
- Sign in to my account
- Don't have an account?
  Create an account
Learn
Browse

ONTAP Discussions

Ask a Question

1,883 Views

MCTB tiebreaker 1.21P2 fails to start on RHEL 7 with FIPS enabled

When tiebreaker starts:

bad decrypt
139962014652304:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:592:

This seems to indicate an openssl error. Looking at /etc/init.d/netapp-metrocluster-tiebreaker-software

DECR_PASS=$(echo $ENCR_PASS | openssl enc -aes-128-cbc -a -d -salt -pass pass:$KEY)

RHEL docs seem to indicate we need to add -md sha256 to the openssl encrypt and decrypt for it to work in FIPS mode. Where is the decrypt line specified?

0 REPLIES 0

All Community Forums

Blogs
- Tech ONTAP Blogs
- Digital Support
Products and Services
Developer Network
NetApp Learning Services
- NetApp Learning Services Discussions
General Discussion & Community Support

Latest Topics
Unanswered Topics
Start a Discussion

Public

MCTB tiebreaker fails to start on RHEL with FIPS enabled

How to enable FIPS on clean reinstall AFF300

Disable RC4 or Enable FIPS

FIPS Mode

Enable auditing

OCUM installation failes on RHEL [OCUM 6.3 / RHEL 6.5 ]