intermittent Apache/OpenSSL error hangs server
Hubert Kario
hkario at redhat.com
Thu Jan 9 18:48:22 UTC 2020
On Thursday, 9 January 2020 17:42:47 CET, Jerry Blasdel wrote:
> Here is more information. On the server that is having this issue, prior
> to the FIPS_drbg_generate errors (these show up every time that worker pid
> is selected to serve a request) we have a single OpenSSL error that shows
> up in the logs.
>
> SSL Library Error: error:2D06A07F: FIPS routines: FIPS_CHECK_EC:pairwise
> test failed
>
> Once we get that error, every time we try to serve a request in Apache
> using that pid, it errors out. So, it seems like something randomly
> corrupts that PID. Can someone provide some information about
> FIPS_CHECK_EC: pairwise test failed.
I would try to eliminate hardware issue as a possible cause: run memcheck,
cpu
stress tests, etc.
> Thanks
>
> On Tue, Jan 7, 2020 at 7:21 AM Jerry Blasdel <jblaz2019 at gmail.com> wrote:
>
>> I have several servers configured the same, running Apache
>> 2.4X/OpenSSL1.02 fips-enabled.
>>
>> On one server we periodically get the following errors in the Apache logs:
>>
>> SSL Library Error: error:xxxxxx:FIPS_drbg_generate:selftest failed. In
>> some cases, the server continues to service requests, but in
>> other cases ...
>
>
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
More information about the openssl-users
mailing list