tedious icon indicating copy to clipboard operation
tedious copied to clipboard

Published 20 hours ago verified publisher icon tediousjs

Error ERR_OSSL_EVP_UNSUPPORTED when running with enabled FIPS

Open akairyuu1993 opened this issue 4 years ago • 4 comments

Hi all!

I built node with FIPS compliance and got the above Err. I found in ntlm-payload.js that tedious using hash algorithm md4 and md5 which is not supported FIPS.

I'm using:

  • Node : 16.11.0 (built with FIPS enable)
  • mssql: 6.3.2
  • Openssl 3.0

Any help?

akairyuu1993 avatar Oct 27 '21 15:10 akairyuu1993

Those algorithms are only used when you use NTLM authentication - and there is no way around them, because they are required for NTLM autehntication. Are you using NTLM authentication?

arthurschreiber avatar Oct 27 '21 16:10 arthurschreiber

Yes. I'm using AD login in trusted domain.

akairyuu1993 avatar Oct 27 '21 16:10 akairyuu1993

Yeah, that is not compatible with FIPS mode. In theory, there is a more modern authentication method for integrated authentication via the kerberos that uses more modern algorithms that are FIPS compliant, but tedious does not support this currently. 😞

arthurschreiber avatar Oct 28 '21 12:10 arthurschreiber

I encountered this recently on the newer versions of node. To mitigate we found we had to enable the legacy ssl support for the newer node version: NODE_OPTIONS=--openssl-legacy-provider or start node with the --openssl-legacy-provider argument.

chriseaton avatar May 06 '22 01:05 chriseaton