KB Article #181481

"FIPS mode not supported" error when upgrading

Problem

When running sysupgrade apply, you see an error like the following:


REPORT 01/Jan/2021:00:00:00.000 [0000:000000000000000000000000] Creating new system
REPORT 01/Jan/2021:00:00:00.000 [0000:000000000000000000000000] -------------------
INFO   01/Jan/2021:00:00:00.000 [0000:000000000000000000000000]     Enabling FIPS on new system
ERROR  01/Jan/2021:00:00:00.000 [0000:000000000000000000000000]     ERROR: java.io.IOException: FIPS mode not supported


Resolution

This error occurs when a system running in FIPS mode is exported and sysupgrade apply is then run in 7.7 March 2020 or later. Those versions do not currently support FIPS because of changes within OpenSSL. As of March 2021, OpenSSL 3.0 is not available, as documented in the section on FIPS mode, but a future release that includes it is planned to support FIPS again.


To resolve this error, run ./togglefips --disable in the old environment to disable FIPS mode. Then redo the sysupgrade export and sysupgrade upgrade steps, using the --force option to redo the export, as documented in the Sysupgrade command reference. This exports a new, non-FIPS configuration that you can use with sysupgrade apply in the new 7.7 environment.