TBH I'm not sure if we have issues in FIPS mode, but I would certainly like to find out how to fix this.
I need more detailed information, however, such as how the keys were created and presented to the driver.
Dave
Dave Cramer
www.postgres.rocks
On Wed, 22 Jun 2022 at 06:39, James Pang (chaolpan) <chaolpan@cisco.com> wrote:
Hi,
PostgreSQL server 13.4 on RHEL 8.4 FIPS; the Java client uses Postgres JDBC driver 42.3.3 to connect to the database with TLS/SSL. Without FIPS mode, it's OK to log in with TLSv1.2 and default SSL parameters, but when FIPS mode is enabled on the Java client side, it failed with the error below:
    at java.lang.Thread.run(Thread.java:750)
Caused by: java.lang.RuntimeException: Platform error: unsupported key for HMAC algorithm
    at org.postgresql.shaded.com.ongres.scram.common.util.CryptoUtil.hmac(CryptoUtil.java:147)
    at org.postgresql.shaded.com.ongres.scram.common.ScramMechanisms.hmac(ScramMechanisms.java:143)
    at org.postgresql.shaded.com.ongres.scram.common.ScramFunctions.hmac(ScramFunctions.java:70)
    at org.postgresql.shaded.com.ongres.scram.common.ScramFunctions.clientKey(ScramFunctions.java:85)
    at org.postgresql.shaded.com.ongres.scram.client.ScramSession$ClientFinalProcessor.<init>(ScramSession.java:188)
    at org.postgresql.shaded.com.ongres.scram.client.ScramSession$ClientFinalProcessor.<init>(ScramSession.java:194)
    at org.postgresql.shaded.com.ongres.scram.client.ScramSession$ClientFinalProcessor.<init>(ScramSession.java:163)
    at org.postgresql.shaded.com.ongres.scram.client.ScramSession$ServerFirstProcessor.clientFinalProcessor(ScramSession.java:130)
    at org.postgresql.jre7.sasl.ScramAuthenticator.processServerFirstMessage(ScramAuthenticator.java:147)
    at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:816)
    at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:180)
    at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:235)
    at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
    at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:223)
    at org.postgresql.Driver.makeConnection(Driver.java:400)
    at org.postgresql.Driver.connect(Driver.java:259)
    ... 220 more