<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=utf-8">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <font face="Helvetica, Arial, sans-serif">I'm getting strange ssl
      errors on a server<br>
    </font><br>
    <font face="Helvetica, Arial, sans-serif"><font face="Helvetica,
        Arial, sans-serif">    140405310092952:error:2D079089:FIPS
        routines:fips_pkey_signature_test:test failure:fips_post.c:166:<br>
            140405310092952:error:2D06A07F:FIPS
        routines:FIPS_CHECK_EC:pairwise test failed:ec_key.c:249:<br>
            140405310092952:error:1409802B:SSL
        routines:ssl3_send_client_key_exchange:reason(43):s3_clnt.c:2869:<br>
      </font><br>
      What could be wrong?<br>
    </font><font face="Helvetica, Arial, sans-serif"><font
        face="Helvetica, Arial, sans-serif"><br>
        It's a VM inside OpenStack, on Xeon.<br>
      </font>OS:<br>
          Ubuntu 16.04 cloud image from 30-Aug-2016, apt-get upgraded<br>
      uname -a: <br>
          Linux host 4.4.0-36-generic #55-Ubuntu SMP Thu Aug 11 18:01:55
      UTC 2016 x86_64 x86_64 x86_64 GNU/Linux<br>
      openssl version:<br>
          OpenSSL 1.0.2g-fips  1 Mar 2016<br>
      <br>
      If I try it in a different VM, same OS, same packages, but
      different hardware (i7, VMWare Workstation) openssl connections
      work as expected.<br>
      <br>
      Shorter output follows, output with </font><font face="Helvetica,
      Arial, sans-serif"><font face="Helvetica, Arial, sans-serif">-debug
        -msg -state </font>is at <a class="moz-txt-link-freetext" href="http://pastebin.com/ELRPqSe7">http://pastebin.com/ELRPqSe7</a><br>
      <br>
      # openssl s_client -connect getcomposer.org:443<br>
      CONNECTED(00000003)<br>
      depth=2 C = US, O = DigiCert Inc, OU = <a class="moz-txt-link-abbreviated" href="http://www.digicert.com">www.digicert.com</a>, CN =
      DigiCert Global Root CA<br>
      verify return:1<br>
      depth=1 C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server
      CA<br>
      verify return:1<br>
      depth=0 C = CH, ST = Z\C3\BCrich, L = Z\C3\BCrich, O = Nelmio AG,
      CN = getcomposer.org<br>
      verify return:1<br>
      140405310092952:error:2D079089:FIPS
      routines:fips_pkey_signature_test:test failure:fips_post.c:166:<br>
      140405310092952:error:2D06A07F:FIPS
      routines:FIPS_CHECK_EC:pairwise test failed:ec_key.c:249:<br>
      140405310092952:error:1409802B:SSL
      routines:ssl3_send_client_key_exchange:reason(43):s3_clnt.c:2869:<br>
      ---<br>
      Certificate chain<br>
       0 s:/C=CH/ST=Z\xC3\xBCrich/L=Z\xC3\xBCrich/O=Nelmio
      AG/CN=getcomposer.org<br>
         i:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA<br>
       1 s:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA<br>
         i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global
      Root CA<br>
      ---<br>
      Server certificate<br>
      -----BEGIN CERTIFICATE-----<br>
      MIIFGTCCBAGgAwIBAgIQA/CSzSaY2b4dUqeC6GV40DANBgkqhkiG9w0BAQsFADBN<br>
      MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E<br>
      aWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMTQwNjMwMDAwMDAwWhcN<br>
      MTcwODAxMTIwMDAwWjBfMQswCQYDVQQGEwJDSDEQMA4GA1UECAwHWsO8cmljaDEQ<br>
      MA4GA1UEBwwHWsO8cmljaDESMBAGA1UEChMJTmVsbWlvIEFHMRgwFgYDVQQDEw9n<br>
      ZXRjb21wb3Nlci5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDY<br>
      /rinDi/amwLzf4Nc6vaWfRgRV4UMstDp0aPpF9ZJVApUzks6adk4i/1GbgusjQ8j<br>
      xuCpUih7FQdM0H/rwGAB1ydvMzvvQBa18DU3/2FNdEcQwJnK3VE/xV4OCKIS7xFa<br>
      LQm/W0jhkY3k++a68aGB/T3/mPxkQMxFNVFKwRRlS+GeKVIavfYkJZrfWobztVjb<br>
      bMFsxaIqHBCb7Jo0pGAbYoaedWncuUYDNIaez04ejIataxW5rwBapsKBRtRe92bn<br>
      sbU40IxrJ9R9amksYayJLYNhG/V8PIkQiibMrP4KVZH2XVZOMCpkrJFyW9l4Y2rm<br>
      aB89RzCU3a0yRu3NCv2fAgMBAAGjggHhMIIB3TAfBgNVHSMEGDAWgBQPgGEcgjFh<br>
      1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQUm5Dn9S1j0h3hvmp9dp3CIY9UpSowLwYD<br>
      VR0RBCgwJoIPZ2V0Y29tcG9zZXIub3JnghN3d3cuZ2V0Y29tcG9zZXIub3JnMA4G<br>
      A1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwawYD<br>
      VR0fBGQwYjAvoC2gK4YpaHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Etc2hh<br>
      Mi1nMi5jcmwwL6AtoCuGKWh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zc2NhLXNo<br>
      YTItZzIuY3JsMEIGA1UdIAQ7MDkwNwYJYIZIAYb9bAEBMCowKAYIKwYBBQUHAgEW<br>
      HGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwfAYIKwYBBQUHAQEEcDBuMCQG<br>
      CCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wRgYIKwYBBQUHMAKG<br>
      Omh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJTZWN1cmVT<br>
      ZXJ2ZXJDQS5jcnQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQsFAAOCAQEAZ07d<br>
      PUGJmdueSrFMytwKiHB92OxqNRDtiGseYWidWIYuF9Uegj/oq8lZWdTyZuOl0fGG<br>
      z7eqNJQlNQ0Nee2bX0bBz3777HReracJ+p+0GeJlF0eXDpSLjh+8n6u/CsRJ/kmQ<br>
      9Q5bAS/YIk+P/gXgG9Mf3YjlhmglyFxxWtY66ivj4KpoggkitmEz6k6gEBnRMHYA<br>
      JuOeVeOQxXBFt5h1fOIrQP7mqfZ/1LADDVwxoepjczWplc+S2Q9Ciij/QoqPyGbK<br>
      ASMziu/XDQWm0+3HCZr5HbVGWybk4DaaCbWrYfQED3yFkOi54YNLBrVLHyUft77R<br>
      qL7FH5cFtqPuT+BqEg==<br>
      -----END CERTIFICATE-----<br>
      subject=/C=CH/ST=Z\xC3\xBCrich/L=Z\xC3\xBCrich/O=Nelmio
      AG/CN=getcomposer.org<br>
      issuer=/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA<br>
      ---<br>
      No client certificate CA names sent<br>
      Peer signing digest: SHA512<br>
      Server Temp Key: ECDH, P-256, 256 bits<br>
      ---<br>
      SSL handshake has read 2921 bytes and written 0 bytes<br>
      ---<br>
      New, (NONE), Cipher is (NONE)<br>
      Server public key is 2048 bit<br>
      Secure Renegotiation IS supported<br>
      Compression: NONE<br>
      Expansion: NONE<br>
      No ALPN negotiated<br>
      SSL-Session:<br>
          Protocol  : TLSv1.2<br>
          Cipher    : 0000<br>
          Session-ID:<br>
          Session-ID-ctx:<br>
          Master-Key:<br>
          Key-Arg   : None<br>
          PSK identity: None<br>
          PSK identity hint: None<br>
          SRP username: None<br>
          Start Time: 1472668388<br>
          Timeout   : 300 (sec)<br>
          Verify return code: 0 (ok)</font>
  </body>
</html>