Re: pgAdmin4 v6.21 on RHEL7.9 with FIPS enabled

On Fri, 14 Jul 2023 at 12:32, Daxu Yin <daxuyin(at)yahoo(dot)com> wrote:

> Is there a version of pgadmin4 certified with FIPS and RHEL 8 available
> for download?
>
> If no official release available, do we know when it would be available?
>

We have no plans for FIPS certification. We do support pgAdmin in non-FIPS
on RHEL 8.

>
> Many thanks,
>
> Daxu Yin
> 410-340-5842
>
>
> On Monday, May 29, 2023 at 12:12:47 AM EDT, Khushboo Vashi <
> khushboo(dot)vashi(at)enterprisedb(dot)com> wrote:
>
>
> Hi,
>
> On Fri, May 26, 2023 at 8:47 PM Daxu Yin <daxuyin(at)yahoo(dot)com> wrote:
>
> Hi,
>
> I am new to this list, please forgive me if I am submitting the following
> to the wrong place.
>
> We've just installed pgAdmin4 web mode on RHEL7.9.
> Once we started the httpd service, we couldn't login the system, the
> webpage spins forever.
> The error message is attached below.
> The RHEL 7.9 we use has FIPS enabled, e.g. cat
> /proc/sys/crypto/fips_enabled has a value of 1.
>
> It seems the version of pgAdmin4, 6.21, still uses MD5, which is not
> allowed by FIPS.
>
> I'd highly appreciate if anyone could let us know:
>
> 1. Is there a version of pgAdmin4 on RHEL 7.9 that supports FIPS?
> 2. Is there any plan down the road that pgAdmin4 would support FIPS on
> RHEL 7.9?
> 3. Is there any way to get around the issue?
>
> Many thanks in advance,
>
> ==============Error msg in pgadmin log file =========================
> 2023-05-16 03:04:13,593: ERROR pgadmin: [digital envelope
> routines: EVP_DigestInit_ex] disabled for fips
> Traceback (most recent call last):
> File "/usr/pgadmin4/venv/lib64/python3.6/site-packages/flask/app.py",
> line 1516, in full_dispatch_request
> rv = self.dispatch_request()
> File "/usr/pgadmin4/venv/lib64/python3.6/site-packages/flask/app.py",
> line 1502, in dispatch_request
> Connection to 10.138.182.10 closed by remote
> host.le.endpoint])(**req.view_args)
> Connection to 10.138.182.10
> closed.thon3.6/site-packages/flask_login/utils.py", line 272, in
> decorated_view
> [daxu(at)ip-192-168-40-129 ~]$ rgs)
> File "/usr/pgadmin4/web/pgadmin/browser/__init__.py", line 634, in utils
> current_ui_lock=current_ui_lock
> File
> "/usr/pgadmin4/venv/lib64/python3.6/site-packages/flask/templating.py",
> line 150, in render_template
> ctx.app,
> File
> "/usr/pgadmin4/venv/lib64/python3.6/site-packages/flask/templating.py",
> line 128, in _render
> rv = template.render(context)
> File
> "/usr/pgadmin4/venv/lib64/python3.6/site-packages/jinja2/environment.py",
> line 1291, in render
> self.environment.handle_exception()
> File
> "/usr/pgadmin4/venv/lib64/python3.6/site-packages/jinja2/environment.py",
> line 925, in handle_exception
> raise rewrite_traceback_stack(source=source)
> File "/usr/pgadmin4/web/pgadmin/browser/templates/browser/js/utils.js",
> line 119, in top-level template code
> gravatar: {% if config.SHOW_GRAVATAR_IMAGE %}'{{ username | gravatar
> }}'{% else %}''{% endif %},
> File
> "/usr/pgadmin4/venv/lib64/python3.6/site-packages/flask_gravatar/__init__.py",
> line 151, in __call__
> hash = hashlib.md5(email.encode('utf-8')).hexdigest()
> ValueError: [digital envelope routines: EVP_DigestInit_ex] disabled for
> fips
>
> This issue is reported here:
> https://bugzilla.redhat.com/show_bug.cgi?id=1744670.
> And the target version for the fix is RHEL 8.0
>
> Thanks,
> Khushboo
>
>
>
> Daxu Yin
> 410-340-5842
>
>

--
Dave Page
Blog: https://pgsnake.blogspot.com
Twitter: @pgsnake

EDB: https://www.enterprisedb.com