2024-09-09T03:40:55.312585Z DEBUG vector::app: Internal log rate limit configured. internal_log_rate_secs=10
2024-09-09T03:40:55.312628Z INFO vector::app: Log level is enabled. level="trace"
2024-09-09T03:40:55.312681Z DEBUG vector::app: messaged="Building runtime." worker_threads=4
2024-09-09T03:40:55.313849Z INFO vector::app: Loading configs. paths=["/etc/vector/vector.yaml"]
2024-09-09T03:40:55.314984Z DEBUG vector::config::loading: No secret placeholder found, skipping secret resolution.
2024-09-09T03:40:55.315302Z DEBUG vector::topology::builder: Building new source. component=syslog
2024-09-09T03:40:55.316659Z DEBUG vector::topology::builder: Building new sink. component=datadog
2024-09-09T03:40:55.316906Z DEBUG vector::topology::builder: Building new sink. component=testing
2024-09-09T03:40:55.316996Z ERROR vector::topology::builder: Configuration error. error=Source "syslog": Could not parse private key in "/etc/vector/ssl/server.key": error:1E000066:DECODER routines:OSSL_DECODER_from_bio:reason(102):crypto/encode_decode/decoder_lib.c:60:No decoders were found. For standard decoders you need at least one of the default or base providers available. Did you forget to load them?, error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:355:Global default library context, Algorithm (AES-256-CBC : 9), Properties ()
2024-09-09T03:40:55.317011Z ERROR vector::topology::builder: Configuration error. error=Sink "datadog": Failed to build TLS connector: Could not build TLS connector: error:0A0000A1:SSL routines:SSL_CTX_new_ex:library has no ciphers:ssl/ssl_lib.c:3955:
Thanks for looking into this, @h0tw1r3! I see the openssl-src PR was merged so we can include it in the next openssl-src version bump.
I have a vague memory that some people using the OpenSSL FIPS module with Vector have been rebuilding Vector with OpenSSL dynamically linked as opposed to using the distributed artifacts which have OpenSSL statically linked, but it seems like it may be possible to include the module dynamically? I haven't played with it myself.
@hhromic wrote the doc that you linked to. cc/ing him here for possible input.
Problem
The documentation at https://vector.dev/docs/reference/configuration/tls/#fips-provider-example suggests that OpenSSL configured in "FIPS mode" should work, or was working at one time.
Any attempt to set up a TLS input, or to connect to a sink TLS endpoint that uses OpenSSL, fails.
Configuration
Version
0.40.1
Debug Output
Example Data
Test workflows:
FIPS (not working): https://github.com/h0tw1r3/vector-fips/actions/runs/10766127156/job/29851381228
Default (working): https://github.com/h0tw1r3/vector-fips/actions/runs/10766176636/job/29851509861
Additional Context
Originally discovered this issue while trying to run Vector on Ubuntu 22.04 with Pro and FIPS enabled. Was able to create an Alpine container configured with the FIPS provider to reproduce the issue.
Project and pre-built image here: https://github.com/h0tw1r3/alpine-fips/pkgs/container/alpine-fips
Created a project to easily track testing different versions of vector and alpine fips configurations here: https://github.com/h0tw1r3/vector-fips
Excerpt from an strace shows that the fips provider is never opened.
References
No response
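The strace check mentioned under Additional Context, as an added example that is not part of the issue or of the Vector project: it scans `open`/`openat` lines from a trace and reports whether the process opened an OpenSSL config file and the `fips.so` provider module, tried and failed, or never tried at all. The sample traces are constructed, and the directory paths in them are assumptions; only the `ossl-modules/fips.so` module name is OpenSSL 3's own convention.

```python
import re
# open()/openat() as printed by strace, with the return value and errno name.
OPEN_RE = re.compile(
    r'\bopen(?:at)?\((?:[^,"]+,\s*)?"(?P<path>[^"]+)"[^)]*\)'
    r'\s*=\s*(?P<ret>-?\d+)(?:\s+(?P<errno>E[A-Z]+))?'
)
CONFIG_NAMES = {"openssl.cnf", "fipsmodule.cnf"}


def openssl_opens(strace_text):
    """Return (kind, path, errno_or_None) for OpenSSL config and provider opens."""
    hits = []
    for line in strace_text.splitlines():
        m = OPEN_RE.search(line)
        if not m:
            continue  # other syscalls, or "<unfinished ...>" fragments
        path = m["path"]
        name = path.rsplit("/", 1)[-1]
        err = (m["errno"] or "error") if int(m["ret"]) < 0 else None
        if name in CONFIG_NAMES:
            hits.append(("config", path, err))
        elif "/ossl-modules/" in path and name.endswith(".so"):
            hits.append(("module", path, err))
    return hits


def fips_verdict(strace_text):
    """Classify the trace: was fips.so opened, tried and failed, or never tried?"""
    fips = [h for h in openssl_opens(strace_text)
            if h[0] == "module" and h[1].endswith("/fips.so")]
    if any(err is None for _, _, err in fips):
        return "fips-loaded"
    if fips:
        return "fips-open-failed:" + ",".join(sorted({e for _, _, e in fips}))
    return "fips-never-attempted"


# Constructed sample traces (paths and pids are illustrative assumptions).
TRACE_NEVER = '''\
1234 openat(AT_FDCWD, "/etc/vector/ssl/server.key", O_RDONLY|O_CLOEXEC) = 10
'''
TRACE_MISSING = '''\
1234 openat(AT_FDCWD, "/etc/ssl/openssl.cnf", O_RDONLY) = 9
1234 openat(AT_FDCWD, "/usr/lib/ossl-modules/fips.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
'''
TRACE_OK = TRACE_MISSING.replace("= -1 ENOENT (No such file or directory)", "= 11")
if __name__ == "__main__":
    for t in (TRACE_NEVER, TRACE_MISSING, TRACE_OK):
        print(fips_verdict(t), openssl_opens(t))
```

A real trace for this can be captured with `strace -f -e trace=open,openat -o trace.txt` in front of the Vector command line. A `fips-never-attempted` verdict only shows that no open was issued for the module; it does not say why.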