Pluto not supporting SHA-256 in FIPS mode in RHEL 6

Solution Verified - Updated -

Issue

When trying to create an IPsec policy using ipsec auto --add office_tunnel, where the connection configuration is:

conn office_tunnel
        left=xx.xx.xx.xx
        leftcert=xxxxx
        leftrsasigkey=%cert
        leftid="C=xxx, O=xxxxx, OU=xxxxx, CN=xxxxx, ST=xx, L=xxx"
        right=xx.xx.xx.xx
        rightcert=xxxxx
        rightrsasigkey=%cert
        rightid=""
        authby=rsasig
        rekey=yes
        ike=3des-sha2_256-modp1024
        esp=3des-sha2_256
        auto=add

we get the following error:
034 esp string error: SHA2 Not supported in FIPS mode with NSS, enc_alg="3des", auth_alg="sha2_256", modp="modp1024" .

The tunnel is created successfully in non-FIPS mode.

Environment

  • Red Hat Enterprise Linux (RHEL) 6
  • openswan-2.6.32-20
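
A pre-flight check for the condition reported above, as an added example that is not part of the original article or of Openswan: it lists the ike=/esp= proposals in an ipsec.conf that name a SHA2 integrity algorithm and fails when the kernel FIPS flag reads 1. The function names are hypothetical, and treating ike= the same way as esp= is an assumption, since the error shown is for the esp string.

```shell
#!/bin/bash
# Added example (not Red Hat or Openswan code): pre-check an ipsec.conf for
# SHA2 proposals before loading it on a FIPS-mode host.

# Print "conn<TAB>keyword<TAB>proposal" for every ike=/esp= proposal that
# contains a sha2 / sha2_NNN token. Checking ike= as well is an assumption.
find_sha2_proposals() {
    awk '
        /^[ \t]*#/     { next }                # comment line
        /^conn[ \t]+/  { conn = $2; next }     # start of a conn section
        /^[^ \t]/      { conn = ""; next }     # other section, e.g. config setup
        conn != "" && /^[ \t]+(ike|esp)[ \t]*=/ {
            line = $0; sub(/^[ \t]+/, "", line)
            key = line; sub(/[ \t]*=.*/, "", key)
            val = line; sub(/^[^=]*=/, "", val); gsub(/[" \t]/, "", val)
            n = split(val, props, ",")         # comma-separated proposals
            for (i = 1; i <= n; i++) {
                m = split(props[i], tok, "-")  # enc-auth-group tokens
                for (j = 1; j <= m; j++)
                    if (tok[j] ~ /^sha2(_[0-9]+)?$/) {
                        printf "%s\t%s\t%s\n", conn, key, props[i]
                        break
                    }
            }
        }
    ' "$1"
}

# Return 1 (and list the proposals) when the kernel FIPS flag is 1 and the
# file has SHA2 proposals. The flag path can be overridden for testing.
check_fips_sha2() {
    flag=${2:-/proc/sys/crypto/fips_enabled}
    fips=0
    if [ -r "$flag" ]; then fips=$(cat "$flag"); fi
    hits=$(find_sha2_proposals "$1")
    if [ "$fips" = "1" ] && [ -n "$hits" ]; then
        printf 'FIPS mode is on; these proposals use SHA2:\n%s\n' "$hits"
        return 1
    fi
    return 0
}

# Constructed sample based on the conn section above; the flag file
# simulates a host booted in FIPS mode.
demo=$(mktemp -d)
printf 'conn office_tunnel\n\tike=3des-sha2_256-modp1024\n\tesp=3des-sha2_256\n' > "$demo/ipsec.conf"
echo 1 > "$demo/fips_enabled"
check_fips_sha2 "$demo/ipsec.conf" "$demo/fips_enabled" || true
rm -rf "$demo"
```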
