Jump to content
Welcome to our new Citrix community!
  • 1

FIPS violation: SHA-1 hash algorithm is not allowed in FIPS mode.


Jean-Pierre Rasquin

Question

Hi,

 

On a Ubuntu 20.04 I installed icaclient_22.7.0.20_amd64.deb

I try to connect to the newly installed  Citrix 2203 LTSR on Windows 2019.

 

When I try to add my store I get the following error:

$ /opt/Citrix/ICAClient/util/storebrowse -a https://vm-citrix.local.intranet/citrix/store/discovery
FIPS violation detected at crypto/evp/digest.c:219, reason: SHA-1 hash algorithm is not allowed in FIPS mode.
'https://vm-citrix.local.intranet/citrix/store/discovery'

The certificat which is used is a self signed cert and was placed in /opt/Citrix/ICAClient/keystore/cacerts and the command ctx_rehash was executed.

 

I changed the following values in All_regions.ini

 

[Network\SSL]
SSLCiphers=ALL
MinimumTLS=1.2
MaximumTLS=1.3

Any idea how to solve the problem ?

Link to comment

2 answers to this question

Recommended Posts

  • 0

I installed icaclient_22.7.0.20_amd64.deb on Debian 11,  and encountered the same message when I tried to add my company "store", which certificate is accepted, I assume.

sudo /opt/Citrix/ICAClient/util/storebrowse --addstore https://uap.dhl.com
FIPS violation detected at crypto/evp/digest.c:219, reason: SHA-1 hash algorithm is not allowed in FIPS mode.
Error adding store:AM_ERROR_HTTP_SERVER_CERTIFICATE_NOT_TRUSTED[65150]

SOLVED FOR ME

- Omitted `storebrowse --addstore`

- Started `/opt/Citrix/ICAClient/selfservice --icaroot /opt/Citrix/ICAClient` and ignored window
- Opened Firefox at store URL

 

Edited by Markus Kramer
SOLVED FOR ME
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...