FIPS (Federal Information Processing Standard) can be enabled (by default or not) on linux kernels to enable the FIPS kernel cryptographic features.
But in some case, this can also lead to some issues with openssl, or any cryptographic tool that you can use within any code.
You can check if FIPS is enabled with that command:
# cat /proc/sys/crypto/fips_enabled
1If you need to turn this feature off, you will have to first remove any dracut-fips package that you have installed:
# yum -y remove dracut-fips* Then, take a backup of the FIPS initramfs and recreate a new file:
# cp -p /boot/initramfs-$(uname -r).img /opt/initramfs-$(uname -r).backup
# dracut -f Once the file creation is complete, update your GRUB configuration to disable fips flag and rebuild grub configuration
# perl -pi -e 's/fips=1/fips=0/g' /etc/default/grub
# grub2-mkconfig -o /boot/grub2/grub.cfg
# grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfgNow, reboot the server and if you check FIPS status again, it should return a value of 0 indicating that FIPS is disabled:
# cat /proc/sys/crypto/fips_enabled
0