Comment 7 for bug 2002841

This issue is true for non LXD units. If you install FIPs via curtin_userdata in MAAS, when the machine does the final reboot and tries to get a juju agent the same issue occurs.

the issue is that the self-signed certificate that juju created is using the TLS_CHACHA20_POLY1305_SHA256 cipher which only works in non-FIPS mode.

It should instead use something like TLS_AES_256_GCM_SHA384 which is 100% supported in FIPS mode.

This is blocking a customer deployment.