Enable FIPS mode LUKS file systems with aes-xts-plain64


    We've Kickstart-built several RHEL7 systems using the default Anaconda encryption, aes-xts-plain64, as shown below.

    part /boot --fstype="xfs" --asprimary --ondisk=sda --size=500
    part pv.00 --fstype="lvmpv" --ondisk=sda --grow --encrypted --passphrase='supersecretpassword'
    part pv.01 --fstype="lvmpv" --ondisk=sdb --grow --encrypted --passphrase='supersecretpassword'

    Then, we've followed the procedure outlined at https://access.redhat.com/solutions/256833 to get the systems to boot without having to supply a LUKS password.

    When we enable FIPS mode, we are unable to boot the system anymore without taking the system back out of FIPS mode.

    From what I can tell, aes-xts-plain64 might be the problem, being unsupported by FIPS.

    Is there some procedure we can follow to get FIPS with aes-xts-plain64 to work with LUKS, without going to extremes like the one outlined at https://access.redhat.com/solutions/1162843 using the cryptsetup-reencrypt command?

    Additionally, we have RHEL7 Kickstart-built servers successfully running in FIPS mode without having followed the procedure to boot without supplying a LUKS password.

    I see issues with FIPS and LUKS addressed for RHEL6 but nothing for RHEL7.

    Additional question: will Kickstart RHEL7 rebuilds using aes-cbc-essiv:sha256 solve the FIPS issue we are having?

    part /boot --fstype="xfs" --asprimary --ondisk=sda --size=500
    part pv.00 --fstype="lvmpv" --ondisk=sda --grow --encrypted --cipher=aes-cbc-essiv:sha256 --passphrase='supersecretpassword'
    part pv.01 --fstype="lvmpv" --ondisk=sdb --grow --encrypted --cipher=aes-cbc-essiv:sha256 --passphrase='supersecretpassword'

    Thanks
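Before deciding whether to re-encrypt with cryptsetup-reencrypt, the first thing worth confirming is what the LUKS header on the affected disks actually records, and whether the kernel is really running in FIPS mode. The script below is an added example; it is not part of the original post and not taken from the Red Hat solutions it links. It parses cryptsetup luksDump output (LUKS1, as RHEL 7 creates), reports the cipher, mode and key-slot hash, and flags values outside an allow-list. The allow-list is an assumption for illustration (AES in XTS or CBC mode, per NIST SP 800-38E and SP 800-38A, and SHA-2 hashes), not a statement of what Red Hat's validated modules accept, and the two sample headers are constructed rather than captured from a real system.

```shell
#!/bin/sh
# Added example (not from the post or the Red Hat solutions it links):
# read `cryptsetup luksDump` output for a LUKS1 volume, pull out the cipher,
# mode and key-slot hash, and flag anything outside an allow-list.
# The allow-list is an assumption for illustration: AES in XTS or CBC mode
# (NIST SP 800-38E / SP 800-38A) and SHA-2 hashes. Adjust to your own policy.

FIPS_CIPHERS="aes"
FIPS_MODES="xts-plain64 cbc-essiv:sha256 cbc-plain64"
FIPS_HASHES="sha256 sha512"

# luks_field NAME: print the value of the "NAME:" line from luksDump text on stdin.
# The value may itself contain a colon (cbc-essiv:sha256), so only the first
# "label:" prefix is stripped.
luks_field() {
    awk -v key="$1" '
        index($0, key ":") == 1 {
            sub(/^[^:]*:[[:space:]]*/, "")
            print
            exit
        }'
}

# in_list NEEDLE WORD...: succeed if NEEDLE equals one of the following words.
in_list() {
    needle="$1"
    shift
    for item in "$@"; do
        [ "$item" = "$needle" ] && return 0
    done
    return 1
}

# luks_fips_check: luksDump text on stdin; prints a one-line summary and
# returns 1 if cipher, mode or hash is outside the allow-list.
luks_fips_check() {
    dump="$(cat)"
    cipher="$(printf '%s\n' "$dump" | luks_field "Cipher name")"
    mode="$(printf '%s\n' "$dump" | luks_field "Cipher mode")"
    hash="$(printf '%s\n' "$dump" | luks_field "Hash spec")"
    status=0
    in_list "$cipher" $FIPS_CIPHERS || { echo "WARN: cipher '$cipher' not in allow-list"; status=1; }
    in_list "$mode" $FIPS_MODES     || { echo "WARN: mode '$mode' not in allow-list"; status=1; }
    in_list "$hash" $FIPS_HASHES    || { echo "WARN: hash '$hash' not in allow-list"; status=1; }
    echo "cipher=$cipher mode=$mode hash=$hash"
    return $status
}

# fips_mode_enabled: true when the running kernel was booted with fips=1.
fips_mode_enabled() {
    [ -r /proc/sys/crypto/fips_enabled ] &&
        [ "$(cat /proc/sys/crypto/fips_enabled)" = "1" ]
}

# Constructed sample headers (not from a real system), trimmed to the fields used.
SAMPLE_XTS='LUKS header information for /dev/sda2

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha256
MK bits:        512'

SAMPLE_RIPEMD='LUKS header information for /dev/sdb1

Version:        1
Cipher name:    aes
Cipher mode:    cbc-essiv:sha256
Hash spec:      ripemd160
MK bits:        256'

# Usage on a live system (as root): sh luks_fips_check.sh /dev/sda2
if [ "$#" -gt 0 ]; then
    if fips_mode_enabled; then echo "kernel FIPS mode: enabled"; else echo "kernel FIPS mode: disabled"; fi
    cryptsetup luksDump "$1" | luks_fips_check
fi
```

Run it against each encrypted PV. A header that passes the check does not by itself explain a boot failure in FIPS mode; it only tells you whether the cipher and hash recorded in the header are worth investigating before trying the more invasive re-encryption route.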
