[prev in list] [next in list] [prev in thread] [next in thread] 

List:       qemu-discuss
Subject:    Re: Error SSL qemu KVM on AMD 3900X
From:       Jakob Bohm <jb-gnumlists () wisemo ! com>
Date:       2020-06-19 16:59:24
Message-ID: 5909a82e-a639-7458-8e3b-fe54d96b9749 () wisemo ! com
[Download RAW message or body]

On 18/06/2020 05:21, support@vietpn.com wrote:
> OpenSSL: error:2D06D075:FIPS routines:fips_pkey_signature_test:test 
> failure
> OpenSSL: error:2D08E06B:FIPS routines:FIPS_CHECK_EC:pairwise test failed
> OpenSSL: error:1409802B:SSL 
> routines:ssl3_send_client_key_exchange:reason(43)
> Unable to establish SSL connection.
>
> When running on AMD chips the server cannot boot if the multiplier 
> core is greater than 1.
> And all get SSL errors.
>
> Cant you help me!
>
> I'm running on CentOS 7.8.2003
>
This looks like a general OpenSSL issue.

You seem to be running RedHat modified OpenSSL 1.0.x series with FIPS (US
government) mode enabled.

You will have to look for RedHat-specific solutions because the OpenSSL
foundation has dropped support since Dec 31, 2019.

OpenSSL upstream currently only supports OpenSSL 1.1.1 which has no FIPS
mode.

In early may, someone reported a problem with AMD CPU compatibility in 
OpenSSL
1.1.1, but no details have been posted on their user mailing list yet.

Hope this helps.

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Soborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



[prev in list] [next in list] [prev in thread] [next in thread]