FIPS violation: SHA-1 hash algorithm is not allowed in FIPS mode.

[Jean-Pierre Rasquin]

Hi,

 

On a Ubuntu 20.04 I installed icaclient_22.7.0.20_amd64.deb

I try to connect to the newly installed  Citrix 2203 LTSR on Windows 2019.

 

When I try to add my store I get the following error:

$ /opt/Citrix/ICAClient/util/storebrowse -a https://vm-citrix.local.intranet/citrix/store/discovery
FIPS violation detected at crypto/evp/digest.c:219, reason: SHA-1 hash algorithm is not allowed in FIPS mode.
'https://vm-citrix.local.intranet/citrix/store/discovery'

The certificat which is used is a self signed cert and was placed in /opt/Citrix/ICAClient/keystore/cacerts and the command ctx_rehash was executed.

 

I changed the following values in All_regions.ini

 

[Network\SSL]
SSLCiphers=ALL
MinimumTLS=1.2
MaximumTLS=1.3

Any idea how to solve the problem ?

[Maarten Jacobs]

Unfortunately I don't have a solution for this, but I did run into the same problem the other day... I spent a few minutes trying to figure out if this is something related to the setup of Ubuntu itself, but didn't get very far.

 

Hopefully somebody has some suggestions or a solution.

[Markus Kramer1709163554]

I installed icaclient_22.7.0.20_amd64.deb on Debian 11,  and encountered the same message when I tried to add my company "store", which certificate is accepted, I assume.

sudo /opt/Citrix/ICAClient/util/storebrowse --addstore https://uap.dhl.com
FIPS violation detected at crypto/evp/digest.c:219, reason: SHA-1 hash algorithm is not allowed in FIPS mode.
Error adding store:AM_ERROR_HTTP_SERVER_CERTIFICATE_NOT_TRUSTED[65150]

SOLVED FOR ME

- Omitted `storebrowse --addstore`

- Started `/opt/Citrix/ICAClient/selfservice --icaroot /opt/Citrix/ICAClient` and ignored window
- Opened Firefox at store URL

 

Edited August 14, 2022 by Markus Kramer
SOLVED FOR ME