Error enabling fips mode in vector agent image - Client creation error: SSL_CTX_new(), library has no ciphers

Question

I am trying to make the following vector image - timberio/vector:0.39.0-debian fips compliant. The image is to run in openshift cluster, and logs are to be send to kafka(MSK) and cloudwatch in AWS. But get the follwing error in logs for kafka -

ERROR vector::topology::builder: Configuration error. error=Sink "kafka_sink": creating kafka producer failed: Client creation error: SSL_CTX_new() failed: ssl/ssl_lib.c:3955:(unknown function) error:0A0000A1:SSL routines::library has no ciphers

I'm trying to enable ciphers through a cnf file, but not working at the moment.

and the following openssl-fips.cnf file -

# OpenSSL Configuration File

openssl_conf = openssl_init

# Initialization of OpenSSL settings
[openssl_init]
providers = provider_sect
cipher_strings = default

# Specify the providers
[provider_sect]
fips = fips_sect
base = base_sect

# Base provider settings
[base_sect]
activate = 1

# FIPS provider settings
[fips_sect]
activate = 1

# Cipher configuration
[openssl_init]
cipher_strings = @SECLEVEL=2

Please help me understand where I am making mistake, any help would be appreciated.

Error enabling fips mode in vector agent image - Client creation error: SSL_CTX_new(), library has no ciphers

Answers (0)

Related Questions