search

3rd-Eden / memcached

A fully featured Memcached client build on top of Node.js. Build with scaling in mind so it will support Memcached clusters and consistent hashing.
MIT License
1.31k stars 275 forks source link

memcache client not working when enabling FIPS mode #370

Open sathesun opened 1 year ago

sathesun commented 1 year ago

I have a docker image based on Alpine Linux 3.18 where the following items are compiled and installed in FIPS mode OpenSSL 3.0.8 Node v18 Nginx 1.25

Memcached(1.6.21) - Installed using apk add command

When we export the following flag and started the memcache. it is getting crashed within a few minutes, but memcache in the same image is working without these flags. I need these flags to be placed for the above-mentioned packages that need to work in FIPS mode

Since FIPS mode disables the md5 algorithm, what are other algorithms we can use? Because in the documentation it is mentioned as algorithm: md5, the hashing algorithm used to generate the hashRing values

Flags export OPENSSL_FIPS=1 export OPENSSL_CONF=/usr/local/ssl/openssl.cnf export OPENSSL_MODULES=/usr/local/lib64/ossl-modules export LD_LIBRARY_PATH=/usr/local/lib/:/usr/local/lib64/ export PKG_CONFIG_PATH=/usr/local/lib64/pkgconfig/

Error {"label":"express-app","level":"info","message":"GET /status 500 102ms","meta":{"req":{"headers":{"accept":"/","connection":"close","host":"127.0.0.1:8080","user-agent":"kube-probe/1.26+"},"httpVersion":"1.0","method":"GET","originalUrl":"/status","query":{},"url":"/status"},"res":{"statusCode":500},"responseTime":102}} {"label":"app","level":"info","message":"Sending Stats for: status"} {"label":"app","level":"info","message":"Access Log: ::ffff:127.0.0.1, --, --, 2023-07-31T12:11:18.875Z, GET, /status, 500, 15, 105, -- "} {"label":"scan-clients","level":"error","message":"Set key client:admin:connected_at failed, Error: connect ECONNREFUSED ::1:11211\n at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1494:16) {\n errno: -111,\n code: 'ECONNREFUSED',\n syscall: 'connect',\n address: '::1',\n port: 11211\n}"}

{"label":"scan","level":"error","message":"Set key client:test-service:connected_at failed, Error: Server at localhost:11211 not available\n at Client.memcachedCommand [as command] (node_modules/memcached/lib/memcached.js:306:70)\n at Client.setters (node_modules/memcached/lib/memcached.js:936:10)\n at Client.bowlofcurry [as set] (node_modules/memcached/lib/utils.js:126:15)\n at Object.set (kvtest.js:39:15)\n clients.js:99:13\n at node_modules/async/lib/async.js:718:13\n at iterate (node_modules/async/lib/async.js:262:13)\n at /node_modules/async/lib/async.js:274:29\n at node_modules/async/lib/async.js:44:16\n at ode_modules/async/lib/async.js:723:17"}

sathesun commented 1 year ago

One more Error

node:internal/crypto/hash:71 this[khandle] = new _hash(algorithm, xoflen); ^ error: error:0308010c:digital envelope routines::unsupported at new hash (node:internal/crypto/hash:71:19) at object.createhash (node:crypto:133:10)