Pluto does not support SHA-256 in FIPS mode in RHEL 6
Issue
When trying to create an IPsec policy using ipsec auto --add office_tunnel, where the connection configuration is:
conn office_tunnel
    left=xx.xx.xx.xx
    leftcert=xxxxx
    leftrsasigkey=%cert
    leftid="C=xxx, O=xxxxx, OU=xxxxx, CN=xxxxx, ST=xx, L=xxx"
    right=xx.xx.xx.xx
    rightcert=xxxxx
    rightrsasigkey=%cert
    rightid=""
    authby=rsasig
    rekey=yes
    ike=3des-sha2_256-modp1024
    esp=3des-sha2_256
    auto=add
We get the following error:
034 esp string error: SHA2 Not supported in FIPS mode with NSS, enc_alg="3des", auth_alg="sha2_256", modp="modp1024" .
The tunnel is created successfully in non-FIPS mode.
Environment
- Red Hat Enterprise Linux (RHEL) 6
- openswan-2.6.32-20
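A pre-flight check for the condition described in this issue, as an added example (not Red Hat's or Openswan's code): it lists the conn sections whose ike= or esp= proposals name SHA2 and reports whether the host is in FIPS mode, so the failure can be seen before running ipsec auto --add. The function names and the FIPS_FLAG override are hypothetical; the sample configuration is constructed from the connection shown above.

```shell
#!/bin/sh
# Added example, not Red Hat's code: pre-flight check for SHA2 proposals.
# FIPS_FLAG is a hypothetical override so the check can be exercised off-host.

# Succeeds when the kernel reports FIPS mode (flag file contains 1).
fips_enabled() {
    [ "$(cat "${FIPS_FLAG:-/proc/sys/crypto/fips_enabled}" 2>/dev/null)" = "1" ]
}

# Print "<conn name><TAB><ike=/esp= line>" for every proposal naming sha2.
sha2_proposals() {
    awk '
        /^[ \t]*#/    { next }                  # whole-line comment
        /^conn[ \t]+/ { conn = $2; next }       # start of a conn section
        /^[^ \t]/     { conn = ""; next }       # any other section header
        conn != "" {
            line = $0
            sub(/^[ \t]+/, "", line)
            sub(/[ \t]*#.*$/, "", line)         # drop trailing comment
            if (line ~ /^(ike|esp)[ \t]*=/ && tolower(line) ~ /sha2/)
                printf "%s\t%s\n", conn, line
        }
    ' "$1"
}

# Report findings for one file; returns 1 only when FIPS is on and SHA2 is used.
check_conf() {
    hits=$(sha2_proposals "$1")
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    if fips_enabled; then
        echo "FIPS mode is on: expect 'SHA2 Not supported in FIPS mode with NSS' on ipsec auto --add" >&2
        return 1
    fi
    return 0
}

# Constructed sample modelled on the connection shown above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
conn office_tunnel
    authby=rsasig
    ike=3des-sha2_256-modp1024
    esp=3des-sha2_256
conn other_tunnel
    ike=3des-sha1-modp1024   # was sha2_256
EOF
check_conf "$sample" || echo "review the proposals above before loading the connection"
rm -f "$sample"
```

On a real host, pass the path of the ipsec.conf file (or an included connection file) to check_conf instead of the sample.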
