Policy fetch fails on SCC with FIPS cipher suite

Categories: SteelCentral Controller for SteelHead (CMC-VE), SteelCentral Controller for SteelHead (Central Management Console), SteelHead (Appliance)
Solution Number: S30223

Issue

When trying to create a policy on a SCC from a running configuration of a SteelHead, there is a policy fetch error with the SSL advanced setting page related to a FIPS cipher string on the SteelHead

The SCC reports the error below on the Management Console Interface

Failure writing policy to system DB :’TLSv1.2+FIPS:kRSA+FIPS:!eNULL:!aNULL’ is not valid, thrown at sub_commit(), node_rw.cc:302’”.

And at the same time the errors below are observed in the SCC log

Mar 6 13:09:27 SCC mgmtd[3766]: [mgmtd.WARNING]: Value 'TLSv1.2+FIPS:kRSA+FIPS:!eNULL:!aNULL' is not valid. 
Mar 6 13:09:27
SCC mgmtd[3766]: [mgmtd.WARNING]: Value 'TLSv1.2+FIPS:kRSA+FIPS:!eNULL:!aNULL' is not valid. 

The SteelHead also has a configuration parameter for the FIPS cipher string as seen below

protocol ssl backend server cipher-string "TLSv1.2+FIPS:kRSA+FIPS:!eNULL:!aNULL" cipher-num 1
 

Solution

Please upgrade the SCC to version 9.5.0 or later to resolve this issue. If upgrading the SCC to version 9.5.0 or later does not resolve your issue please contact Riverbed Support for further assistance

Environment

SCC 9.2.0 - 9.2.2
Policy Fetch
SSL Advanced Settings
FIPS
NOTICE: Riverbed® product names have changed. Please refer to the Product List for a complete list of product names.
Last Modified: 2017-03-17
Can't find an answer? Create a case