This issue is true for non LXD units. If you install FIPs via curtin_userdata in MAAS, when the machine does the final reboot and tries to get a juju agent the same issue occurs.
the issue is that the self-signed certificate that juju created is using the TLS_CHACHA20_POLY1305_SHA256 cipher which only works in non-FIPS mode.
It should instead use something like TLS_AES_256_GCM_SHA384 which is 100% supported in FIPS mode.
This issue is true for non LXD units. If you install FIPs via curtin_userdata in MAAS, when the machine does the final reboot and tries to get a juju agent the same issue occurs.
the issue is that the self-signed certificate that juju created is using the TLS_CHACHA20_ POLY1305_ SHA256 cipher which only works in non-FIPS mode.
It should instead use something like TLS_AES_ 256_GCM_ SHA384 which is 100% supported in FIPS mode.
This is blocking a customer deployment.