EDR: Services fail to start when FIPS 140-2 applied on RHEL 8.x
Article ID: 290393
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- supervisord.log shows cb-enterprised constantly starting and stopping
- Error in enterprise.log and journalctl show
-
cryptography.exceptions.InternalError: Unknown OpenSSL error. This error is commonly encountered when another library is not cleaning up the OpenSSL error stack. If you are using cryptography with another library that uses OpenSSL try disabling it before reporting a bug
-
Environment
- EDR Server: 7.7 and below
- RHEL 8.x
- CentOS 8.x
- FIPS 140-2 compliance enabled
Cause
Interoperability issue with openssl
Resolution
- Workarounds
- Disable FIPS compliance features will allow the services to run
- Use RHEL 6 or 7
- Support for FIPS 140-2 was added in Server 7.8
Feedback
Yes
No
Powered by
