diff --git a/lib/nova b/lib/nova
index 5fcccffec1..1420183a19 100644
--- a/lib/nova
+++ b/lib/nova
@@ -315,6 +315,10 @@ EOF
             sudo systemctl daemon-reload
         fi
 
+        # set chap algorithms.  The default chap_algorithm is md5 which will
+        # not work under FIPS
+        iniset -sudo /etc/iscsi/iscsid.conf DEFAULT "node.session.auth.chap_algs" "SHA3-256,SHA256"
+
         # ensure that iscsid is started, even when disabled by default
         restart_service iscsid
     fi