Pluto Not supporting SHA-256 in FIPS mode in RHEL 6
Issue
When trying to create an IPsec policy using ipsec auto --add office_tunnel, where the connection configuration is:

    conn office_tunnel
        left=xx.xx.xx.xx
        leftcert=xxxxx
        leftrsasigkey=%cert
        leftid="C=xxx, O=xxxxx, OU=xxxxx, CN=xxxxx, ST=xx, L=xxx"
        right=xx.xx.xx.xx
        rightcert=xxxxx
        rightrsasigkey=%cert
        rightid=""
        authby=rsasig
        rekey=yes
        ike=3des-sha2_256-modp1024
        esp=3des-sha2_256
        auto=add

we get the following error:

    034 esp string error: SHA2 Not supported in FIPS mode with NSS, enc_alg="3des", auth_alg="sha2_256", modp="modp1024" .

The tunnel is created successfully in non-FIPS mode.
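A pre-flight check for the condition described above, added here as an example (not Red Hat's or the Openswan project's code): it lists the ike=/esp= proposals in a configuration file that name a SHA2 algorithm and fails when the kernel FIPS flag is set. The function names are hypothetical, and the FIPS flag is assumed to be readable from /proc/sys/crypto/fips_enabled.

```shell
#!/bin/sh
# Added example: find conn sections whose ike=/esp= proposals name a sha2
# algorithm, the combination the error above reports as unsupported in FIPS mode.
# Function names are hypothetical; they are not part of openswan.

# fips_enabled [FLAG_FILE]: succeeds when the FIPS flag file reads 1.
fips_enabled() {
    flag_file="${1:-/proc/sys/crypto/fips_enabled}"
    [ -r "$flag_file" ] && [ "$(cat "$flag_file")" = "1" ]
}

# sha2_proposals CONF: print "conn<TAB>key<TAB>value" for every ike=/esp=
# line whose value mentions sha2 (sha2_256, sha2_512, ...).
sha2_proposals() {
    awk '
        { sub(/#.*/, "") }                      # drop comments
        $1 == "conn" { conn = $2; next }        # remember the current section
        /^[ \t]*(ike|esp)[ \t]*=/ {
            line = $0
            gsub(/[ \t]/, "", line)             # tolerate spaces around "="
            key = line; sub(/=.*/, "", key)
            val = line; sub(/^[^=]*=/, "", val)
            if (tolower(val) ~ /sha2/)
                printf "%s\t%s\t%s\n", conn, key, val
        }
    ' "$1"
}

# check_conf CONF [FLAG_FILE]: print the offending proposals and return 1
# when FIPS mode is on and at least one conn asks for sha2; otherwise return 0.
check_conf() {
    hits="$(sha2_proposals "$1")"
    if fips_enabled "$2" && [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# Run as: sh check.sh /etc/ipsec.conf   (no arguments: only define the functions)
[ "$#" -eq 0 ] || check_conf "$@"
```

A non-zero exit with FIPS enabled points at the connections that ipsec auto --add would be expected to reject with the error shown above.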
Environment
- Red Hat Enterprise Linux (RHEL) 6
- openswan-2.6.32-20