intermittent Apache/OpenSSL error hangs server

Hubert Kario hkario at
Thu Jan 9 18:48:22 UTC 2020

On Thursday, 9 January 2020 17:42:47 CET, Jerry Blasdel wrote:
> Here is more information.  On the server that is having this issue, prior
> to the FIPS_drbg_generate errors (these show up every time that worker pid
> is selected to serve a request) we have a single OpenSSL error that shows
> up in the logs.
> SSL Library Error: error:2D06A07F: FIPS routines: FIPS_CHECK_EC:pairwise
> test failed
> Once we get that error, every time we try to serve a request in Apache
> using that pid, it errors out.  So, it seems like something randomly
> corrupts that PID.  Can someone provide some information about
> FIPS_CHECK_EC: pairwise test failed.

I would try to eliminate hardware issue as a possible cause: run memcheck, 
stress tests, etc.

> Thanks
> On Tue, Jan 7, 2020 at 7:21 AM Jerry Blasdel <jblaz2019 at> wrote:
>> I have several servers configured the same, running Apache
>> 2.4X/OpenSSL1.02 fips-enabled.
>> On one server we periodically get the following errors in the Apache logs:
>> SSL Library Error: error:xxxxxx:FIPS_drbg_generate:selftest failed.  In
>> some cases, the server continues to service requests, but in 
>> other cases ...

Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Red Hat Czech s.r.o., Purkyňova 115, 612 00  Brno, Czech Republic

More information about the openssl-users mailing list