[Swan] Pluto crashes in FIPS mode in Centos7.4

Veetil, Vyshnav Vyshnav.Veetil at harman.com
Mon Jul 9 09:12:46 UTC 2018


Hi,
In CentOS 7.4, Pluto crashes in FIPS mode,
because it expects the password in the below format:
"NSS FIPS 140-2 Certificate DB:nsspassword"
But currently the nsspassword entry is " NSS Certificate DB:nsspassword"
in the nsspassword files:
1. /etc/ipsec.d/nsspassword
2. We use our custom NSS db location; in that file it is also the same.
When we change this nsspassword file to "NSS FIPS 140-2 Certificate DB:nsspassword", pluto comes up fine.
But still the NSS authentication is failing with the below error in the logs:
Jun 27 12:36:11: authentication of "NSS FIPS 140-2 Certificate DB" failed
Jun 27 12:36:11: FATAL: NSS initialization failure

ipsec status is failing with the below snippets:
Process: 21004 ExecStop=/usr/libexec/ipsec/whack --shutdown (code=exited, status=1/FAILURE)
Jun 27 14:52:48 centos systemd[1]: Failed to start Internet Key Exchange (IKE) Protocol Daemon for IPsec.

I was using CentOS Linux release 7.4.1708 (Core) with libreswan-3.20-3.el7.x86_64.


Can you please help me to resolve this issue?

Regards,
Vyshnav