Re: [HTCondor-users] Condor_master aborting because of FIPS mode

[Zach Miller <zmiller@xxxxxxxxxxx>]

Hello,

We do have a version of HTCondor that is FIPS compliant, which you can find here:
	https://research.cs.wisc.edu/htcondor/yum/fips/

Currently, this version is not compatible with non-FIPS versions of HTCondor.  But if everything in your pool is running this version, you will be fine.

Merging this into our main release branch and adding support for modern encryption and digest methods is under active development and is expected to be added still in our 8.9.X series.


Cheers,
-zach


ïOn 7/14/20, 8:19 AM, "HTCondor-users on behalf of Vechinski, Douglas" <htcondor-users-bounces@xxxxxxxxxxx on behalf of douglas.vechinski@xxxxxxxxxx> wrote:

    I am attempting to get Condor (8.8.9) setup and configured on a new machine running RHEL 7.7. Presently this machine is the only machine in the pool. (More machines are planned on being added later once this machine gets up and running.) Anyway, I âinstalledâ Condor (8.8.9) from a tarball and modified the Condor configuration files to be somewhat similar to our current (but older) setup of Condor on a different network. At the moment I am attempting to start condor_master manually (as root via sudo) to get it debugged before  trying to get it to start as a service. I am currently at the point, where, when  attempting to start it, I am getting the following fatal error:

    md5_dgst.c(82): OpenSSL internal error, assertion failed: Digest MD5 forbidden in FIPS mode.

    Iâm told that disabling FIPS mode is unlikely to be an option. While there are no specific SEC_* macros being set in the configuration files I am using, I tried setting a few SEC_DEFAULT_* ones to False to see if that would work. However, I am still receiving the same error. Thoughts/suggestions of what to look at next?