| From: | Peter Eisentraut <peter(at)eisentraut(dot)org> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Daniel Gustafsson <daniel(at)yesql(dot)se>, "Koshi Shibagaki (Fujitsu)" <shibagaki(dot)koshi(at)fujitsu(dot)com>, "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Replace current implementations in crypt() and gen_salt() to OpenSSL |
| Date: | 2024-02-20 12:34:04 |
| Message-ID: | cde44616-1391-4edb-ae51-9e2d32c7f5a3@eisentraut.org |
| Lists: | pgsql-hackers |

On 20.02.24 12:27, Robert Haas wrote:
> I don't think the first two of these proposals help anything. AIUI,
> FIPS mode is supposed to be a system wide toggle that affects
> everything on the machine. The third one might help if you can be
> compliant by just choosing not to install that extension, and the
> fourth one solves the problem by sledgehammer.
>
> Does Linux provide some way of asking whether "fips=1" was specified
> at kernel boot time?

What you are describing only happens on Red Hat systems, I think. They
have built additional integration around this, which is great. But
that's not something you can rely on being the case on all systems, not
even all Linux systems.