I am trying to make the following Vector image (timberio/vector:0.39.0-debian) FIPS compliant. The image is to run in an OpenShift cluster, and logs are to be sent to Kafka (MSK) and CloudWatch in AWS. But I get the following error in the logs for Kafka –
<code>ERROR vector::topology::builder: Configuration error. error=Sink "kafka_sink": creating kafka producer failed: Client creation error: SSL_CTX_new() failed: ssl/ssl_lib.c:3955:(unknown function) error:0A0000A1:SSL routines::library has no ciphers
</code>
I’m trying to enable ciphers through a cnf file, but it is not working at the moment.
This is the Dockerfile I use:
<code>FROM timberio/vector:0.39.0-debian
# Install dependencies
RUN apt-get update && apt-get install -y \
    build-essential \
    wget \
    curl
# Set OpenSSL and FIPS versions
ENV OPENSSL_VERSION=3.0.9
# Download, build, and install OpenSSL with FIPS support
RUN wget https://www.openssl.org/source/openssl-$OPENSSL_VERSION.tar.gz && \
    tar -xzvf openssl-$OPENSSL_VERSION.tar.gz && \
    cd openssl-$OPENSSL_VERSION && \
    ./Configure enable-fips && \
    make && \
    make install
# Create OpenSSL configuration file with FIPS settings
COPY openssl-fips.cnf /usr/local/ssl/openssl.cnf
# Set environment variables for OpenSSL and FIPS
ENV OPENSSL_CONF=/usr/local/ssl/openssl.cnf
ENTRYPOINT ["/usr/bin/vector"]
</code>
and the following openssl-fips.cnf file –
<code># OpenSSL Configuration File
openssl_conf = openssl_init
# Initialization of OpenSSL settings
[openssl_init]
providers = provider_sect
cipher_strings = default
# Specify the providers
[provider_sect]
fips = fips_sect
base = base_sect
# Base provider settings
[base_sect]
activate = 1
# FIPS provider settings
[fips_sect]
activate = 1
# Cipher configuration
[openssl_init]
cipher_strings = @SECLEVEL=2
</code>
Please help me understand where I am making a mistake; any help would be appreciated.