Problem Note 67416: SAS® 9.4M7 fails to load FIPS 140-2 capable OpenSSL libraries when the ENCRYPTFIPS system option is enabled
SAS 9.4M7 (TS1M7) on Linux fails to load FIPS 140-2 capable OpenSSL libraries when the ENCRYPTFIPS system option is enabled. This behavior means that, even when FIPS 140-2 capable OpenSSL libraries are available on the system and SAS LD_LIBRARY_PATH is updated to find these libraries first, the following error occurs:
ERROR: The SSL provider is not in FIPS 140-2 mode.
Note that the error message is accurate if FIPS 140-2 capable OpenSSL libraries are not available on the system or cannot be found via the SAS LD_LIBRARY_PATH setting. Refer to Building FIPS 140-2 Capable OpenSSL on UNIX in Encryption in SAS® 9.4, Sixth Edition for more information.
A workaround for the problem is to rename the following files in SASFoundation/9.4/sasexe:
- libssl.so.1.0.0
- libcrypto.so.1.0.0
Here is an example:
mv /opt/sas/SASFoundation/9.4/sasexe/libssl.so.1.0.0 /opt/sas/SASFoundation/9.4/sasexe/libssl.so.1.0.0.disableforfips
mv /opt/sas/SASFoundation/9.4/sasexe/libcrypto.so.1.0.0 /opt/sas/SASFoundation/9.4/sasexe/libcrypto.so.1.0.0.disableforfips
Click the Hot Fix tab in this note to access the hot fix for this issue.
Operating System and Release Information
SAS System | Base SAS | Linux for x64 | 9.4_M7 | 9.4_M8 | 9.4 TS1M7 | 9.4 TS1M8 |
*
For software releases that are not yet generally available, the Fixed
Release is the software release in which the problem is planned to be
fixed.
Type: | Problem Note |
Priority: | high |
Date Modified: | 2021-03-16 12:39:42 |
Date Created: | 2021-02-11 15:04:37 |