Home > mailing lists

Re: Java client connection problem on FIPS enabled hosts (with password_encryption = scram-sha-256) - Mailing list pgsql-jdbc

From	Michael Paquier
Subject	Re: Java client connection problem on FIPS enabled hosts (with password_encryption = scram-sha-256)
Date	March 23, 2022 02:25:06
Msg-id	Yjpauv3HLvdrPFzf@paquier.xyz Whole thread Raw
In response to	Re: Java client connection problem on FIPS enabled hosts (with password_encryption = scram-sha-256) (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-jdbc

Tree view

On Tue, Mar 22, 2022 at 06:54:29PM -0400, Tom Lane wrote:
> I worried about that too in the earlier pgsql-general thread.  But the
> Java exception trace looks like the error is being thrown client-side.
> Also Becky says she can connect successfully with psql, which indicates
> that the server-side stack is not subject to those problems you mentioned.

I don't know enough about the JDBC driver to be sure, but that would
mean that the code path related to processServerFirstMessage in the
JDBC driver is taken after the backend has computed the SHA-256 hash
for the mock authentication (first SHA-2 computed in the exchange so
the backend would crash first with a libpq exchange).  Anyway, I also
got the impression that this was an initialization stack.
--
Michael

Attachment

signature.asc

pgsql-jdbc by date:

From: "McDermott, Becky"
Date: 23 March 2022, 02:00:04
Subject: RE: [EXTERNAL] Re: Java client connection problem on FIPS enabled hosts (with password_encryption = scram-sha-256)

From: Michael Paquier
Date: 23 March 2022, 02:26:55
Subject: Re: [EXTERNAL] Re: Java client connection problem on FIPS enabled hosts (with password_encryption = scram-sha-256)

Re: Java client connection problem on FIPS enabled hosts (with password_encryption = scram-sha-256) - Mailing list pgsql-jdbc

Attachment

Previous

Next