# https服务访问报错"fips\_pkey\_signature\_test:test failure"

今天遇到一个奇怪的问题，使用wget下载文件，遇到多个https网站提示

```
# wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
--2017-11-10 22:29:20--  https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
Resolving dl.fedoraproject.org (dl.fedoraproject.org)... 209.132.181.23, 209.132.181.25, 209.132.181.24
Connecting to dl.fedoraproject.org (dl.fedoraproject.org)|209.132.181.23|:443... connected.
OpenSSL: error:2D06D075:FIPS routines:fips_pkey_signature_test:test failure
OpenSSL: error:2D08E06B:FIPS routines:FIPS_CHECK_EC:pairwise test failed
OpenSSL: error:1409802B:SSL routines:ssl3_send_client_key_exchange:reason(43)
Unable to establish SSL connection.
```

这个问题只在这台运行在kvm虚拟机中的CentOS 7.4上出现，而作为底层运行的物理服务器，操作系统版本相同，却没有这个问题。

有点类似[\[openssl-users\] error: FIPS routines:fips\_pkey\_signature\_test:test failure:fips\_post.c](https://mta.openssl.org/pipermail/openssl-users/2016-August/004316.html)

这个虚拟机运行似乎有些不太正常，启动后有很长事件负载很高，并且`rcu_sched`有很长时间占用很高cpu资源。同时操作命令相应缓慢。

但具体问题在哪里？


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://huataihuang.gitbook.io/cloud-atlas-draft/service/ssh/fips_pkey_signature_test_fail.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.