Re: intermittent Apache/OpenSSL error hangs server

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thursday, 9 January 2020 17:42:47 CET, Jerry Blasdel wrote:
Here is more information.  On the server that is having this issue, prior
to the FIPS_drbg_generate errors (these show up every time that worker pid
is selected to serve a request) we have a single OpenSSL error that shows
up in the logs.

SSL Library Error: error:2D06A07F: FIPS routines: FIPS_CHECK_EC:pairwise
test failed

Once we get that error, every time we try to serve a request in Apache
using that pid, it errors out.  So, it seems like something randomly
corrupts that PID.  Can someone provide some information about
FIPS_CHECK_EC: pairwise test failed.

I would try to eliminate hardware issue as a possible cause: run memcheck, cpu
stress tests, etc.

Thanks

On Tue, Jan 7, 2020 at 7:21 AM Jerry Blasdel <jblaz2019@xxxxxxxxx> wrote:

I have several servers configured the same, running Apache
2.4X/OpenSSL1.02 fips-enabled.

On one server we periodically get the following errors in the Apache logs:

SSL Library Error: error:xxxxxx:FIPS_drbg_generate:selftest failed.  In
some cases, the server continues to service requests, but in other cases ...



--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux