FIPS support in nginx?

kirti maindargikar nginx-forum at
Tue Jul 9 06:09:47 UTC 2019

Hi, We are using 1.10.3 nginx  in FIPS mode. As discussed above we already
have FIPS enabled on RHEL and we have recompiled nginx with OpenSSL FIPS.
However we still see that Nginx is using MD5 algorithms ( which is not
allowed in FIPS mode ) when we use proxy_cache to cache pictures .
Looks like nginx uses MD5 hash to create the name of the cached image file.

As given in this link

proxy_cache_path path[levels=levels][use_temp_path=on|off]

"Sets the path and other parameters of a cache. Cache data are stored in
files. The file name in a cache is a result of applying the MD5 function to
the cache key. The levels parameter defines hierarchy levels of a cache:
from 1 to 3, each level accepts values 1 or 2. For example, in the following

proxy_cache_path /data/nginx/cache levels=1:2 keys_zone=one:10m;

file names in a cache will look like this: 


As nginx is using MD5  here, which is not supported in FIPS, we are getting
openssl error 

"md5_dgst.c(82): OpenSSL internal error, assertion failed: Digest MD5
forbidden in FIPS mode!"

Is there a way to configure nginx to use fips compliant algorithms like
SH256 instead of MD5  in proxy cache ?

Or  does it need a code fix in nginx? If so which file/module may require a
code fix here ?

Posted at Nginx Forum:,284539,284788#msg-284788

More information about the nginx mailing list