Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

memcache client not working when enabling FIPS mode #370

Open
sathesun opened this issue Aug 17, 2023 · 1 comment
Open

memcache client not working when enabling FIPS mode #370

sathesun opened this issue Aug 17, 2023 · 1 comment

Comments

@sathesun
Copy link

I have a docker image based on Alpine Linux 3.18 where the following items are compiled and installed in FIPS mode
OpenSSL 3.0.8
Node v18
Nginx 1.25

Memcached(1.6.21) - Installed using apk add command

When we export the following flag and started the memcache. it is getting crashed within a few minutes, but memcache in the same image is working without these flags. I need these flags to be placed for the above-mentioned packages that need to work in FIPS mode

Since FIPS mode disables the md5 algorithm, what are other algorithms we can use? Because in the documentation it is mentioned as algorithm: md5, the hashing algorithm used to generate the hashRing values

Flags
export OPENSSL_FIPS=1
export OPENSSL_CONF=/usr/local/ssl/openssl.cnf
export OPENSSL_MODULES=/usr/local/lib64/ossl-modules
export LD_LIBRARY_PATH=/usr/local/lib/:/usr/local/lib64/
export PKG_CONFIG_PATH=/usr/local/lib64/pkgconfig/

Error
{"label":"express-app","level":"info","message":"GET /status 500 102ms","meta":{"req":{"headers":{"accept":"/","connection":"close","host":"127.0.0.1:8080","user-agent":"kube-probe/1.26+"},"httpVersion":"1.0","method":"GET","originalUrl":"/status","query":{},"url":"/status"},"res":{"statusCode":500},"responseTime":102}}
{"label":"app","level":"info","message":"Sending Stats for: status"}
{"label":"app","level":"info","message":"Access Log: ::ffff:127.0.0.1, --, --, 2023-07-31T12:11:18.875Z, GET, /status, 500, 15, 105, -- "}
{"label":"scan-clients","level":"error","message":"Set key client:admin:connected_at failed, Error: connect ECONNREFUSED ::1:11211\n at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1494:16) {\n errno: -111,\n code: 'ECONNREFUSED',\n syscall: 'connect',\n address: '::1',\n port: 11211\n}"}

{"label":"scan","level":"error","message":"Set key client:test-service:connected_at failed, Error: Server at localhost:11211 not available\n at Client.memcachedCommand [as command] (node_modules/memcached/lib/memcached.js:306:70)\n at Client.setters (node_modules/memcached/lib/memcached.js:936:10)\n at Client.bowlofcurry [as set] (node_modules/memcached/lib/utils.js:126:15)\n at Object.set (kvtest.js:39:15)\n clients.js:99:13\n at node_modules/async/lib/async.js:718:13\n at iterate (node_modules/async/lib/async.js:262:13)\n at /node_modules/async/lib/async.js:274:29\n at node_modules/async/lib/async.js:44:16\n at ode_modules/async/lib/async.js:723:17"}
@sathesun
Copy link
Author

One more Error

node:internal/crypto/hash:71 this[khandle] = new _hash(algorithm, xoflen); ^ error: error:0308010c:digital envelope routines::unsupported at new hash (node:internal/crypto/hash:71:19) at object.createhash (node:crypto:133:10)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sathesun