Regression: Fetch Of Group Admin-Keys Files Fails Under FIPS Mode #29

ferricoxide · 2018-09-25T15:15:23Z

Problem Description:

When operating under FIPS mode, the fetch of the Admin-Keys file will fail with a:

ToolError: Failed to retrieve https://s3.amazonaws.com/<BUCKET>/<KEY>/<GROUPKEY_FILE>:
error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips

Error when launching the Artifactory-EE EC2 templates.

Steps to reproduce:

Launch either Artifactory-EE EC2 template
Wait for launch to fail
Login to instance
View cfn-init.log file
Find previously shown error-snippet

Fix recommendation:

Add launch-logic to update the /usr/lib/python${PYVERS}/site-packages/cfnbootstrap/util.py file's default hash-method. Can use a simple sed type mechanism:

sed -i '/^[ \\t][ \\t]*self._etag/s/etag$/None/'

The text was updated successfully, but these errors were encountered:

ferricoxide added the bug Something isn't working label Sep 25, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Regression: Fetch Of Group Admin-Keys Files Fails Under FIPS Mode #29

Regression: Fetch Of Group Admin-Keys Files Fails Under FIPS Mode #29

ferricoxide commented Sep 25, 2018

Regression: Fetch Of Group Admin-Keys Files Fails Under FIPS Mode #29

Regression: Fetch Of Group Admin-Keys Files Fails Under FIPS Mode #29

Comments

ferricoxide commented Sep 25, 2018

Problem Description:

Steps to reproduce:

Fix recommendation: