Pluto crashes in FIPS mode in Centos7.4

vyshnav

Post by vyshnav » 2018/07/09 09:01:38

Hi,
In CentOS 7.4, Pluto crashes in FIPS mode because it expects the password in the format below:
"NSS FIPS 140-2 Certificate DB:nsspassword"
But currently the nsspassword entry is " NSS Certificate DB:nsspassword"
in the nsspassword files:
1. /etc/ipsec.d/nsspassword
2. We use our custom NSS DB location; in that file it is the same.
When we change this nsspassword file to "NSS FIPS 140-2 Certificate DB:nsspassword", Pluto comes up fine.
But the NSS authentication is still failing with the error below in the logs:
Jun 27 12:36:11: authentication of "NSS FIPS 140-2 Certificate DB" failed
Jun 27 12:36:11: FATAL: NSS initialization failure

ipsec status is failing with the snippets below:
Process: 21004 ExecStop=/usr/libexec/ipsec/whack --shutdown (code=exited, status=1/FAILURE)
Jun 27 14:52:48 centos systemd[1]: Failed to start Internet Key Exchange (IKE) Protocol Daemon for IPsec.

I was using CentOS Linux release 7.4.1708 (Core) with libreswan-3.20-3.el7.x86_64.

Can you please help me to resolve this issue?
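
A check for the token-label mismatch described in this post, as an added example that is not part of the thread or of libreswan. It assumes one `token:password` entry per line, exact label matching, and the kernel flag in /proc/sys/crypto/fips_enabled as the indicator of FIPS mode; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Token labels are the two quoted in the post.
FIPS_TOKEN="NSS FIPS 140-2 Certificate DB"
PLAIN_TOKEN="NSS Certificate DB"

# expected_token FLAG: print the label expected when FLAG is 1 (FIPS) or 0.
expected_token() {
    if [ "$1" = "1" ]; then
        printf '%s\n' "$FIPS_TOKEN"
    else
        printf '%s\n' "$PLAIN_TOKEN"
    fi
}

# check_nsspassword FILE FLAG
# Prints one verdict per non-empty line and returns 0 only if an entry for the
# expected token exists. The password part of an entry is never printed.
check_nsspassword() {
    file=$1; want=$(expected_token "$2"); found=1; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        [ -n "$line" ] || continue
        case $line in
            *:*) token=${line%%:*} ;;   # text before the first colon
            *)   printf '%s\n' "line $n: no token:password separator"; continue ;;
        esac
        if [ "$token" = "$want" ]; then
            printf '%s\n' "line $n: ok ($token)"
            found=0
        else
            printf '%s\n' "line $n: token '$token' does not match '$want'"
        fi
    done < "$file"
    return $found
}

# current_fips: 1 if the kernel reports FIPS mode, else 0 (assumed indicator).
current_fips() { cat /proc/sys/crypto/fips_enabled 2>/dev/null || echo 0; }

# Live check against the path named in the post, if it is readable here.
if [ -r /etc/ipsec.d/nsspassword ]; then
    check_nsspassword /etc/ipsec.d/nsspassword "$(current_fips)" ||
        printf '%s\n' "no entry for the token of the active mode"
fi
```

A matching label only rules out the naming mismatch; the "authentication of ... failed" log line can still appear if the password itself does not unlock the database.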

TrevorH
Forum Moderator

Re: Pluto crashes in FIPS mode in Centos7.4

Post by TrevorH » 2018/07/09 09:40:19

7.4 is not supported. Libreswan was rebased again in 7.5. Run yum update
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke