FIPS mode Ubuntu breaks ospd-openvas.service connection

After installing the fips modules from Ubuntu, gvmd is unable to connect to /run/ospd/ospd-openvas.sock

below is the output of sudo journalctl -xeu ospd-openvas.service

Aug 05 14:41:42 xls-dt-greenbone ospd-openvas[1445]: OSPD[1445] 2024-08-05 20:41:42,625: INFO: (ospd.main) Starting OSPd OpenVAS version 22.6.2.
Aug 05 14:41:42 ospd-openvas[1445]: OSPD[1445] 2024-08-05 20:41:42,789: INFO: (ospd_openvas.messaging.mqtt) Successfully connected to MQTT broker
Aug 05 14:41:44 ospd-openvas[1445]: Traceback (most recent call last):
Aug 05 14:41:44 ospd-openvas[1445]: File “/usr/local/bin/ospd-openvas”, line 8, in
Aug 05 14:41:44 ospd-openvas[1445]: sys.exit(main())
Aug 05 14:41:44 x ospd-openvas[1445]: File “/usr/local/lib/python3.10/dist-packages/ospd_openvas/daemon.py”, line 1245, in main
Aug 05 14:41:44 ospd-openvas[1445]: daemon_main(‘OSPD - openvas’, OSPDopenvas, NotusParser())
Aug 05 14:41:44 ospd-openvas[1445]: File “/usr/local/lib/python3.10/dist-packages/ospd/main.py”, line 152, in main
Aug 05 14:41:44 ospd-openvas[1445]: daemon.init(server)
Aug 05 14:41:44 ospd-openvas[1445]: File “/usr/local/lib/python3.10/dist-packages/ospd_openvas/daemon.py”, line 515, in init
Aug 05 14:41:44 ospd-openvas[1445]: self.scan_collection.init()
Aug 05 14:41:44 x ospd-openvas[1445]: File “/usr/local/lib/python3.10/dist-packages/ospd/scan.py”, line 74, in init
Aug 05 14:41:44 ospd-openvas[1445]: self.scan_collection_lock = self.data_manager.RLock()
Aug 05 14:41:44 ospd-openvas[1445]: File “/usr/lib/python3.10/multiprocessing/managers.py”, line 723, in temp
Aug 05 14:41:44 ospd-openvas[1445]: token, exp = self._create(typeid, *args, **kwds)
Aug 05 14:41:44 ospd-openvas[1445]: File “/usr/lib/python3.10/multiprocessing/managers.py”, line 606, in _create
Aug 05 14:41:44 ospd-openvas[1445]: conn = self._Client(self._address, authkey=self._authkey)
Aug 05 14:41:44 ospd-openvas[1445]: File “/usr/lib/python3.10/multiprocessing/connection.py”, line 508, in Client
Aug 05 14:41:44 ospd-openvas[1445]: answer_challenge(c, authkey)
Aug 05 14:41:44 ospd-openvas[1445]: File “/usr/lib/python3.10/multiprocessing/connection.py”, line 755, in answer_challenge
Aug 05 14:41:44 ospd-openvas[1445]: digest = hmac.new(authkey, message, ‘md5’).digest()
Aug 05 14:41:44 ospd-openvas[1445]: File “/usr/lib/python3.10/hmac.py”, line 184, in new
Aug 05 14:41:44 ospd-openvas[1445]: return HMAC(key, msg, digestmod)
Aug 05 14:41:44 ospd-openvas[1445]: File “/usr/lib/python3.10/hmac.py”, line 60, in init
Aug 05 14:41:44 ospd-openvas[1445]: self._init_hmac(key, msg, digestmod)
Aug 05 14:41:44 ospd-openvas[1445]: File “/usr/lib/python3.10/hmac.py”, line 67, in _init_hmac
Aug 05 14:41:44 ospd-openvas[1445]: self._hmac = _hashopenssl.hmac_new(key, msg, digestmod=digestmod)
Aug 05 14:41:44 ospd-openvas[1445]: ValueError: [digital envelope routines] unsupported

Any ideas on how to get past this without rebuilding from scratch without FIPS mode enabled?

You can´t use SE extensions or any other security tool along with GVM. Try to disable SE Linux, Apparmor, etc …

If this is not working, you need to re-install your system.

I guess that FIPS mode enforces stricter cryptographic standards, which may not be compatible with all algorithms used by ospd-openvas.