| From: | <Luz_Diaz(at)McAfee(dot)com> |
|---|---|
| To: | <pgsql-general(at)postgresql(dot)org> |
| Subject: | FIPS mode - SSL connection fails and RAND_cleanup |
| Date: | 2014-02-20 16:04:27 |
| Message-ID: | 7654067E3D35FB43BADBA290D42E66B111D8FB@MIVEXAMER1N2.corp.nai.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
We recently upgraded to version 8.4.18 within our product but this upgrade has caused SSL connections to fail when OpenSSL is in FIPS mode.
We receive the following error:
2014-02-20 01:44:23 PST [9339]: [1-1] db=[unknown],user=[unknown] LOG: could not accept SSL connection: decryption failed or bad record mac
While looking through the recent changes, we found that commenting out the "RAND_cleanup();" call in "src/backend/postmaster/fork_process.c" allows the connection to succeed.
Any ideas on why this "RAND_cleanup();" would cause SSL failure in FIPS mode?
Is there a work around? Or is this possibly a known issue?
Thanks.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Willy-Bas Loos | 2014-02-20 16:14:10 | Re: [postgis-users] postgis in postgresql apt and upgrades |
| Previous Message | Adrian Klaver | 2014-02-20 16:00:05 | Re: Timezone information |