On Thursday, 9 January 2020 17:42:47 CET, Jerry Blasdel wrote:
Here is more information. On the server that is having this issue, prior
to the FIPS_drbg_generate errors (these show up every time that worker pid
is selected to serve a request) we have a single OpenSSL error that shows
up in the logs.
SSL Library Error: error:2D06A07F: FIPS routines: FIPS_CHECK_EC:pairwise
test failed
Once we get that error, every time we try to serve a request in Apache
using that pid, it errors out. So, it seems like something randomly
corrupts that PID. Can someone provide some information about
FIPS_CHECK_EC: pairwise test failed.
I would try to eliminate hardware issue as a possible cause: run memcheck,
cpu
stress tests, etc.
Thanks
On Tue, Jan 7, 2020 at 7:21 AM Jerry Blasdel <jblaz2019@xxxxxxxxx> wrote:
I have several servers configured the same, running Apache
2.4X/OpenSSL1.02 fips-enabled.
On one server we periodically get the following errors in the Apache logs:
SSL Library Error: error:xxxxxx:FIPS_drbg_generate:selftest failed. In
some cases, the server continues to service requests, but in
other cases ...
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic