error: FIPS routines:fips_pkey_signature_test:test failure:fips_post.c

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I'm getting strange ssl errors on a server

    140405310092952:error:2D079089:FIPS
routines:fips_pkey_signature_test:test failure:fips_post.c:166:
    140405310092952:error:2D06A07F:FIPS routines:FIPS_CHECK_EC:pairwise
test failed:ec_key.c:249:
    140405310092952:error:1409802B:SSL
routines:ssl3_send_client_key_exchange:reason(43):s3_clnt.c:2869:

What could be wrong?

It's a VM inside OpenStack, on Xeon.
OS:
    Ubuntu 16.04 cloud image from 30-Aug-2016, apt-get upgraded
uname -a:
    Linux host 4.4.0-36-generic #55-Ubuntu SMP Thu Aug 11 18:01:55 UTC
2016 x86_64 x86_64 x86_64 GNU/Linux
openssl version:
    OpenSSL 1.0.2g-fips  1 Mar 2016

If I try it in a different VM, same OS, same packages, but different
hardware (i7, VMWare Workstation) openssl connections work as expected.

Shorter output follows, output with -debug -msg -state is at
http://pastebin.com/ELRPqSe7

# openssl s_client -connect getcomposer.org:443
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert
Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
verify return:1
depth=0 C = CH, ST = Z\C3\BCrich, L = Z\C3\BCrich, O = Nelmio AG, CN =
getcomposer.org
verify return:1
140405310092952:error:2D079089:FIPS
routines:fips_pkey_signature_test:test failure:fips_post.c:166:
140405310092952:error:2D06A07F:FIPS routines:FIPS_CHECK_EC:pairwise test
failed:ec_key.c:249:
140405310092952:error:1409802B:SSL
routines:ssl3_send_client_key_exchange:reason(43):s3_clnt.c:2869:
---
Certificate chain
 0 s:/C=CH/ST=Z\xC3\xBCrich/L=Z\xC3\xBCrich/O=Nelmio AG/CN=getcomposer.org
   i:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
 1 s:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgIQA/CSzSaY2b4dUqeC6GV40DANBgkqhkiG9w0BAQsFADBN
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E
aWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTQwNjMwMDAwMDAwWhcN
MTcwODAxMTIwMDAwWjBfMQswCQYDVQQGEwJDSDEQMA4GA1UECAwHWsO8cmljaDEQ
MA4GA1UEBwwHWsO8cmljaDESMBAGA1UEChMJTmVsbWlvIEFHMRgwFgYDVQQDEw9n
ZXRjb21wb3Nlci5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDY
/rinDi/amwLzf4Nc6vaWfRgRV4UMstDp0aPpF9ZJVApUzks6adk4i/1GbgusjQ8j
xuCpUih7FQdM0H/rwGAB1ydvMzvvQBa18DU3/2FNdEcQwJnK3VE/xV4OCKIS7xFa
LQm/W0jhkY3k++a68aGB/T3/mPxkQMxFNVFKwRRlS+GeKVIavfYkJZrfWobztVjb
bMFsxaIqHBCb7Jo0pGAbYoaedWncuUYDNIaez04ejIataxW5rwBapsKBRtRe92bn
sbU40IxrJ9R9amksYayJLYNhG/V8PIkQiibMrP4KVZH2XVZOMCpkrJFyW9l4Y2rm
aB89RzCU3a0yRu3NCv2fAgMBAAGjggHhMIIB3TAfBgNVHSMEGDAWgBQPgGEcgjFh
1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUm5Dn9S1j0h3hvmp9dp3CIY9UpSowLwYD
VR0RBCgwJoIPZ2V0Y29tcG9zZXIub3JnghN3d3cuZ2V0Y29tcG9zZXIub3JnMA4G
A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwawYD
VR0fBGQwYjAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Etc2hh
Mi1nMi5jcmwwL6AtoCuGKWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zc2NhLXNo
YTItZzIuY3JsMEIGA1UdIAQ7MDkwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEW
HGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwfAYIKwYBBQUHAQEEcDBuMCQG
CCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wRgYIKwYBBQUHMAKG
Omh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJTZWN1cmVT
ZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAZ07d
PUGJmdueSrFMytwKiHB92OxqNRDtiGseYWidWIYuF9Uegj/oq8lZWdTyZuOl0fGG
z7eqNJQlNQ0Nee2bX0bBz3777HReracJ+p+0GeJlF0eXDpSLjh+8n6u/CsRJ/kmQ
9Q5bAS/YIk+P/gXgG9Mf3YjlhmglyFxxWtY66ivj4KpoggkitmEz6k6gEBnRMHYA
JuOeVeOQxXBFt5h1fOIrQP7mqfZ/1LADDVwxoepjczWplc+S2Q9Ciij/QoqPyGbK
ASMziu/XDQWm0+3HCZr5HbVGWybk4DaaCbWrYfQED3yFkOi54YNLBrVLHyUft77R
qL7FH5cFtqPuT+BqEg==
-----END CERTIFICATE-----
subject=/C=CH/ST=Z\xC3\xBCrich/L=Z\xC3\xBCrich/O=Nelmio
AG/CN=getcomposer.org
issuer=/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2921 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1472668388
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160831/aefaac07/attachment.html>


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux