Quick Links

Re: postgresql 9.3.10, FIPS mode and DRBG issues.

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Rodney Lott <rlott(at)evertz(dot)com>
Cc:	" (pgsql-general(at)postgresql(dot)org)" <pgsql-general(at)postgresql(dot)org>
Subject:	Re: postgresql 9.3.10, FIPS mode and DRBG issues.
Date:	2016-04-04 19:51:47
Message-ID:	29191.1459799507@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-general

Rodney Lott <rlott(at)evertz(dot)com> writes:
> So, my question is this: In FIPS mode, what would cause the random
> number generation to not initialize?

I remember that Red Hat's version of "FIPS mode" involved crypto features
(including RNGs) just refusing to work in modes deemed inadequately
secure. So my guess is that psql is trying to configure OpenSSL with some
inadequately-secure settings. Not sure why it'd be different from the
server though. Are you sure psql and the libpq it's using are same
version as the apparently-working server?

regards, tom lane

In response to

postgresql 9.3.10, FIPS mode and DRBG issues. at 2016-04-04 18:04:39 from Rodney Lott

Responses

Re: postgresql 9.3.10, FIPS mode and DRBG issues. at 2016-04-04 20:22:41 from Rodney Lott

Browse pgsql-general by date

	From	Date	Subject
Next Message	Rodney Lott	2016-04-04 20:22:41	Re: postgresql 9.3.10, FIPS mode and DRBG issues.
Previous Message	Soni M	2016-04-04 18:32:05	Re: CORRUPTION on TOAST table