FIPS-related Error: Password Must Be at Least 112 Bits on Postgres 14, Unlike in Postgres 11

From: Abhishek Dasgupta <abhishekdasgupta005(at)gmail(dot)com>
To: pgsql-general(at)lists(dot)postgresql(dot)org
Subject: FIPS-related Error: Password Must Be at Least 112 Bits on Postgres 14, Unlike in Postgres 11
Date: 2023-06-22 13:46:21
Message-ID: CAA93efm3bgqfyaR0YmaQ1N=uNhjMx8SA-UPXNPV6j669c9eGYQ@mail.gmail.com
Lists: pgsql-general

Hey PostgreSQL experts,

I have encountered an issue related to FIPS mode while setting up two
different configurations. The first configuration consists of PostgreSQL 11
with MD5 password encryption and FIPS mode enabled. The second
configuration involves PostgreSQL 14 with scram-sha-256 password encryption
and FIPS mode enabled. Both configurations can be used as a database in a
cluster.

The OpenSSL version I am using is OpenSSL 1.0.2zd-fips, released on 15th
March 2022.

During the cluster setup, specifically the database setup, I have observed
that the first configuration sets up successfully. However, the second
configuration with PostgreSQL 14 fails with the following error:

Exception in thread "main" com.safelogic.cryptocomply.crypto.fips.FipsUnapprovedOperationError: password must be at least 112 bits
    at com.safelogic.cryptocomply.crypto.fips.FipsPBKD$Parameters.<init>(FipsPBKD.java:90)
    at com.safelogic.cryptocomply.crypto.fips.FipsPBKD$Parameters.<init>(FipsPBKD.java:63)
    at com.safelogic.cryptocomply.crypto.fips.FipsPBKD$ParametersBuilder.using(FipsPBKD.java:56)
    at com.safelogic.cryptocomply.jcajce.provider.ProvPBEPBKDF2$BasePBKDF2.engineGenerateSecret(ProvPBEPBKDF2.java:249)
    at javax.crypto.SecretKeyFactory.generateSecret(SecretKeyFactory.java:336)
    at org.postgresql.shaded.com.ongres.scram.common.util.CryptoUtil.hi(CryptoUtil.java:120)
    at org.postgresql.shaded.com.ongres.scram.common.ScramMechanisms.saltedPassword(ScramMechanisms.java:154)
    at org.postgresql.shaded.com.ongres.scram.common.ScramFunctions.saltedPassword(ScramFunctions.java:59)
    at org.postgresql.shaded.com.ongres.scram.client.ScramSession$ClientFinalProcessor.<init>(ScramSession.java:196)
    at org.postgresql.shaded.com.ongres.scram.client.ScramSession$ClientFinalProcessor.<init>(ScramSession.java:163)
    at org.postgresql.shaded.com.ongres.scram.client.ScramSession$ServerFirstProcessor.clientFinalProcessor(ScramSession.java:130)
    at org.postgresql.jre7.sasl.ScramAuthenticator.processServerFirstMessage(ScramAuthenticator.java:147)
    at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:778)
    at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:161)
    at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:213)
    at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:51)
    at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:225)

I am puzzled as to why this error occurs only with PostgreSQL 14 and not
with PostgreSQL 11.
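The stack trace above shows where the two setups diverge: with scram-sha-256 the JDBC driver's SCRAM client runs the password through PBKDF2 (the `CryptoUtil.hi` -> `SecretKeyFactory.generateSecret` frames), and the FIPS provider's `FipsPBKD.Parameters` constructor rejects a PBKDF2 input password shorter than 112 bits. With md5 authentication no PBKDF2 call happens at all, so that length rule is never evaluated. The following Python script is an added illustration, not code from the poster, the JDBC driver or the SafeLogic provider: it derives the SCRAM-SHA-256 keys the way RFC 7677 defines them (`SaltedPassword = PBKDF2-HMAC-SHA-256(password, salt, i)`), computes the legacy PostgreSQL `md5` hash for comparison, and models the 112-bit rule from the error message as a pre-check. The salt, the sample passwords and the `derive_under_fips` wrapper are constructed assumptions; the real provider's check is the one in the trace, not this function.

```python
import hashlib
import hmac
import unicodedata

SCRAM_ITERATIONS = 4096        # PostgreSQL's default iteration count for scram-sha-256
FIPS_MIN_PASSWORD_BITS = 112   # limit quoted by the FipsUnapprovedOperationError above


def password_bits(password: str) -> int:
    """Bit length of the password as it is fed to PBKDF2 (UTF-8 bytes * 8)."""
    return len(password.encode("utf-8")) * 8


def check_fips_password_length(password: str) -> bool:
    """Assumption: models the provider's rule from the error message.
    Returns True when PBKDF2 keying material has at least 112 bits."""
    return password_bits(password) >= FIPS_MIN_PASSWORD_BITS


def scram_sha256_keys(password: str, salt: bytes, iterations: int = SCRAM_ITERATIONS) -> dict:
    """Derive the SCRAM-SHA-256 key material defined in RFC 5802 / RFC 7677.
    NFKC normalisation stands in for full SASLprep (simplification, assumption)."""
    normalized = unicodedata.normalize("NFKC", password).encode("utf-8")
    # This PBKDF2 call is the step the FIPS provider guards in the trace above.
    salted_password = hashlib.pbkdf2_hmac("sha256", normalized, salt, iterations)
    client_key = hmac.new(salted_password, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()      # what the server stores
    server_key = hmac.new(salted_password, b"Server Key", hashlib.sha256).digest()
    return {
        "salted_password": salted_password,
        "client_key": client_key,
        "stored_key": stored_key,
        "server_key": server_key,
    }


def postgres_md5_hash(password: str, username: str) -> str:
    """Legacy PostgreSQL md5 verifier: 'md5' + hex(md5(password || username)).
    No PBKDF2 is involved, which is why the 112-bit rule never applies here."""
    return "md5" + hashlib.md5((password + username).encode("utf-8")).hexdigest()


def derive_under_fips(password: str, salt: bytes) -> dict:
    """Hypothetical wrapper: apply the 112-bit rule before PBKDF2, mirroring
    where the provider raises FipsUnapprovedOperationError."""
    if not check_fips_password_length(password):
        raise ValueError(
            f"password must be at least {FIPS_MIN_PASSWORD_BITS} bits "
            f"(got {password_bits(password)})"
        )
    return scram_sha256_keys(password, salt)


if __name__ == "__main__":
    # Constructed sample values; not taken from the poster's environment.
    salt = bytes(range(16))
    for pw in ("secret", "a-longer-service-password"):
        print(f"{pw!r}: {password_bits(pw)} bits, md5 verifier {postgres_md5_hash(pw, 'app')}")
        try:
            keys = derive_under_fips(pw, salt)
            print("  scram StoredKey:", keys["stored_key"].hex())
        except ValueError as exc:
            print("  rejected:", exc)
```

Running it shows the asymmetry the poster observed: the md5 verifier is produced for both passwords, while the SCRAM derivation is refused for the 6-character one (48 bits) and succeeds once the password reaches 14 bytes (112 bits) or more.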
