Here is more information. On the server that is having this issue, prior to the FIPS_drbg_generate errors (these show up every time that worker pid is selected to serve a request) we have a single OpenSSL error that shows up in the logs.
SSL Library Error: error:2D06A07F: FIPS routines: FIPS_CHECK_EC:pairwise test failed

Once we get that error, every time we try to serve a request in Apache using that pid, it errors out. So, it seems like something randomly corrupts that PID.

Can someone provide some information about FIPS_CHECK_EC: pairwise test failed?

Thanks

On Tue, Jan 7, 2020 at 7:21 AM Jerry Blasdel <jblaz2...@gmail.com> wrote:

> I have several servers configured the same, running Apache
> 2.4X/OpenSSL1.02 fips-enabled.
>
> On one server we periodically get the following errors in the Apache logs:
>
> SSL Library Error: error:xxxxxx:FIPS_drbg_generate:selftest failed. In
> some cases, the server continues to service requests, but in other cases
> the server hangs and will not process requests until the worker pid
> receiving the error is killed, or a kill -HUP is issued on the Apache root
> pid.
>
> I see someone else had a similar issue but I can't find any resolution.
>
> https://mta.openssl.org/pipermail/openssl-users/2016-October/004657.html
>
> Other information...
>
> We have looked at the entropy on the server when it is working properly vs
> when it hangs and could not find any big differences.
>
> Also, SSLRandomSeed is configured for startup and connect in Apache.
>
> Any help would be appreciated.
>
> Thanks