| From: | luzangelad <luz_diaz(at)mcafee(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | FIPS mode - SSL connection fails |
| Date: | 2014-02-20 15:55:19 |
| Message-ID: | 1392911719212-5792937.post@n5.nabble.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
We recently upgraded to version 8.4.18 within our product but this upgrade
has caused SSL connections to fail when OpenSSL is in FIPS mode.
We receive the following error:
2014-02-20 01:44:23 PST [9339]: [1-1] db=[unknown],user=[unknown] LOG:
could not accept SSL connection: decryption failed or bad record mac
While looking through the recent changes, we found that commenting out the
"RAND_cleanup();" call in "src/backend/postmaster/fork_process.c" allows the
connection to succeed.
Any ideas on why this "RAND_cleanup();" would cause SSL failure in FIPS
mode?
Is there a work around? Or is this possibly a known issue?
Thanks.
--
View this message in context: http://postgresql.1045698.n5.nabble.com/FIPS-mode-SSL-connection-fails-tp5792937.html
Sent from the PostgreSQL - general mailing list archive at Nabble.com.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Rémi Cura | 2014-02-20 15:57:39 | Re: [postgis-users] postgis in postgresql apt and upgrades |
| Previous Message | Willy-Bas Loos | 2014-02-20 15:45:18 | [postgis-users]postgis in postgresql apt and upgrades |