Troubleshooting
Problem
In the STAP event log in the GUI you see an entry like LOG_ERR: Not FIPS 140-2 compliant - use_tls=0 failover_tls=1.
Cause
FIPS 140-2 is a US government security standard for cryptographic modules. If you see this message it indicates that the STAP is configured in a way that does not meet the standard.
Note: This message does not indicate any error with the STAP.
If you wish to enable FIPS compliance, the guard_tap.ini file must have:
- use_tls=1
- failover_tls=0
Any other combination will turn off FIPS mode and result in the message as above.
Environment
You will only see a FIPS message if FIPS mode is implemented on your STAP type. As of April 2013 and subject to future changes:
FIPS is available for:
- all Solaris
- all AIX
- all Linux, except for PowerPC (RHEL 5 ppc64 and SUSE 10 ppc64)
FIPS is not available for:
- Linux - Red Hat 5 PowerPC and SUSE 10 PowerPC
- HPUX
Resolving The Problem
You can change the configuration by one of the methods below:
A - In the GUI->Administration Console->STAP Control page.
- Modify the details section for the relevant STAP and use the TLS tick boxes.
- Restart the STAP using the "Send command" button on the same GUI page.
B - Edit the guard_tap.ini file on the DB server directly and restart the STAP.
NOTE: If you do not want to use TLS in your environment, it is safe to ignore the message.
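After editing the file by method B, the two settings can be checked before restarting the STAP. The script below is an added example, not IBM code: it reads use_tls and failover_tls from a guard_tap.ini and reports whether they match the one combination listed under Cause. It assumes plain key=value lines, "#" or ";" comment lines, and that the last occurrence of a key wins; the function names and exit codes are made up for this example.

```sh
#!/bin/sh
# Added example: verify the TLS settings in a guard_tap.ini against the
# combination the technote gives for FIPS mode (use_tls=1, failover_tls=0).

# ini_value FILE KEY -> prints the value of KEY, or an empty line if absent.
# Assumptions: key=value lines, optional blanks around "=", comment lines
# start with "#" or ";", and the last occurrence of a key wins.
ini_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }          # skip comment lines
        !/=/          { next }          # skip section headers and blanks
        {
            k = $1; gsub(/[ \t\r]/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                gsub(/[ \t\r]/, "", v)  # also drops a trailing CR
                found = v
            }
        }
        END { print found }
    ' "$1"
}

# fips_tls_status FILE -> prints a one-line verdict.
# Returns 0 = FIPS combination, 1 = any other combination, 2 = cannot tell.
fips_tls_status() {
    file=$1
    if [ ! -r "$file" ]; then
        echo "UNKNOWN: cannot read $file"
        return 2
    fi
    use_tls=$(ini_value "$file" use_tls)
    failover_tls=$(ini_value "$file" failover_tls)
    if [ -z "$use_tls" ] || [ -z "$failover_tls" ]; then
        echo "UNKNOWN: use_tls='$use_tls' failover_tls='$failover_tls' (key missing)"
        return 2
    fi
    if [ "$use_tls" = "1" ] && [ "$failover_tls" = "0" ]; then
        echo "OK: use_tls=1 failover_tls=0"
        return 0
    fi
    echo "NOT COMPLIANT: use_tls=$use_tls failover_tls=$failover_tls"
    return 1
}

# Stand-alone use: pass the path to guard_tap.ini as the first argument.
[ $# -eq 0 ] || fips_tls_status "$1"
```

A missing key is reported as UNKNOWN rather than guessed, because the technote does not state the default values.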
Document Information
Modified date:
16 June 2018
UID
swg21663526