From 8e7356a46fc1153c7a19f63551afd284af1bacbb Mon Sep 17 00:00:00 2001
From: Jochen Ehret
Date: Tue, 5 Dec 2023 16:37:30 +0100
Subject: [PATCH] Fix pre-start.erb for Jammy FIPS stemcell

* algorithm "PBE-SHA1-3DES" is not available on FIPS Jammy (OpenSSL 3.0.2 / Ubuntu 22.04.3 LTS)
* so use the "-nomac" option instead as recommended on https://www.openssl.org/docs/man3.0/man1/openssl-pkcs12.html#NOTES
---
 jobs/uaa/templates/bin/pre-start.erb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/jobs/uaa/templates/bin/pre-start.erb b/jobs/uaa/templates/bin/pre-start.erb
index 766f053821..3c49b2c10d 100755
--- a/jobs/uaa/templates/bin/pre-start.erb
+++ b/jobs/uaa/templates/bin/pre-start.erb
@@ -135,7 +135,7 @@ function insert_ssl_cert {
 if [ -f "/proc/sys/crypto/fips_enabled" ]; then
 local FIPS_ENABLED="$(cat /proc/sys/crypto/fips_enabled)"
 if [ "${FIPS_ENABLED}" = 1 ]; then
- FIPS_OPTS="-certpbe PBE-SHA1-3DES"
+ FIPS_OPTS="-nomac"
 log "Detect FIPS enabled"
 fi
 fi
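Review bot: `FIPS_OPTS="-nomac"` makes openssl write the PKCS#12 file without its integrity MAC, and nothing on the added line records that trade-off, so a later reader could take it for a harmless compatibility flag. I would put a comment above the assignment, e.g. `# FIPS provider lacks PKCS12KDF, so the PKCS#12 MAC cannot be generated; -nomac writes the file without an integrity check`, and confirm that the consumer of the file accepts a MAC-less container. The branch keys only on `/proc/sys/crypto/fips_enabled`, not on the OpenSSL version. Any other FIPS stemcell this job still runs on would therefore also lose the MAC and the explicit `-certpbe` choice; if that matters, gate on the version or state in the comment that only Jammy is supported. The body of `insert_ssl_cert` starts and ends outside the hunk, so how `FIPS_OPTS` reaches the `openssl pkcs12` call and how the resulting file is protected and cleaned up are not visible here.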