From: | Rodney Lott <rlott(at)evertz(dot)com> |
---|---|
To: | " (pgsql-general(at)postgresql(dot)org)" <pgsql-general(at)postgresql(dot)org> |
Subject: | Re: postgresql 9.3.10, FIPS mode and DRBG issues. |
Date: | 2016-04-04 20:22:41 |
Message-ID: | db0cc2d2a790459db5c489d76f3481dd@WARIO.burlington.evertz.tv |
Lists: | pgsql-general |
> > So, my question is this: In FIPS mode, what would cause the random
> > number generation to not initialize?
>
> I remember that Red Hat's version of "FIPS mode" involved crypto
> features (including RNGs) just refusing to work in modes deemed
> inadequately secure. So my guess is that psql is trying to configure
> OpenSSL with some inadequately-secure settings. Not sure why it'd be
> different from the server though. Are you sure psql and the libpq it's
> using are same version as the apparently-working server?
>
> regards, tom lane
Hi, Tom.
Thanks for the quick reply. I'll look into the settings and see what I can find.
I double checked the installed packages and they seem to be from my same postgresql build (i.e. note my timestamp of 1459281538):
```
# dpkg -l | grep postgres
ii postgresql-9.3 9.3.10-0ubuntu0.14.04~et1~fips~2.0.9~1459281538 amd64 object-relational SQL database, version 9.3 server
ii postgresql-9.3-dbg 9.3.10-0ubuntu0.14.04~et1~fips~2.0.9~1459281538 amd64 debug symbols for postgresql-9.3
ii postgresql-client-9.3 9.3.10-0ubuntu0.14.04~et1~fips~2.0.9~1459281538 amd64 front-end programs for PostgreSQL 9.3
ii postgresql-client-common 154-et1~fips~2.0.9~1459281538 all manager for multiple PostgreSQL client versions
ii postgresql-common 154-et1~fips~2.0.9~1459281538 all PostgreSQL database-cluster manager
ii postgresql-contrib-9.3 9.3.10-0ubuntu0.14.04~et1~fips~2.0.9~1459281538 amd64 additional facilities for PostgreSQL
ii postgresql-json-build 1.1.0-et3 amd64 json_build extension for postgresql
ii postgresql-plpython-9.3 9.3.10-0ubuntu0.14.04~et1~fips~2.0.9~1459281538 amd64 PL/Python procedural language for PostgreSQL 9.3
# dpkg -l | grep libpq
ii libpq5 9.3.10-0ubuntu0.14.04~et1~fips~2.0.9~1459281538 amd64 PostgreSQL C client library
# dpkg -S /usr/bin/psql
postgresql-client-common: /usr/bin/psql
# dpkg -S /usr/lib/postgresql/9.3/bin/postgres
postgresql-9.3: /usr/lib/postgresql/9.3/bin/postgres
# psql -h 127.0.0.1 -U postgres -d sslmode=require
psql: SSL SYSCALL error (0): EOF detected, err=5
```
So, I believe that psql and libpq are from the same version as the currently working server.
Regards,
Rodney