I have three containers running on Azure Container Apps—two backend containers and one frontend container. The frontend container is running fine, but I’m encountering issues with the backend containers. Everything was working perfectly for the past five months, and there have been no code changes. However, starting today, the backend containers stopped working and are throwing the following errors in the container logs:
crypto/fips/fips.c:154: OpenSSL internal error: FATAL FIPS SELFTEST FAILURE
…
[INFO] Booting worker with pid: XXXX
crypto/fips/fips.c:154: OpenSSL internal error: FATAL FIPS SELFTEST FAILURE
It appears to be related to FIPS. I suspect that Microsoft might have pushed a new update that enabled FIPS on the container apps. I tried to disable FIPS from the Container Apps console, but it doesn’t let me. I also updated my Dockerfile to include ENV OPENSSL_FORCE_FIPS_MODE 0, but the issue persists.
I’m running out of options and would appreciate any pointers or advice on how to resolve this issue.
I am using Python Flask for backend and also tried updating my all the libraries to latest version.
2
Answers
Azure Container Apps (ACA) have been enabling FIPS in their us based regions. Current mitigation is to add
OPENSSL_FORCE_FIPS_MODE=0
in your environment variable or docker file.If this does not help, you can reach out to [email protected].
Update: ACA is rolling back their FIPs update
This has been a known recent issue where Azure Container Apps enabled FIPs for their resources in all US regions as part of compliance. This update caused certain algorithms to be blocked at the kernel level. Apps that are using non-FIPs compliant algorithms were impacted.
The update has been rolled back and FIPs is now disabled for all regions so issues should be resolved. You no longer need to apply any environment variables to your app, if you already have, it might cause the issue to persist, once removed everything should be back to normal.