Re: Replace current implementations in crypt() and gen_salt() to OpenSSL - Mailing list pgsql-hackers

From Peter Eisentraut
Subject Re: Replace current implementations in crypt() and gen_salt() to OpenSSL
Date
Msg-id cde44616-1391-4edb-ae51-9e2d32c7f5a3@eisentraut.org
In response to Re: Replace current implementations in crypt() and gen_salt() to OpenSSL  (Robert Haas <robertmhaas@gmail.com>)
List pgsql-hackers
On 20.02.24 12:27, Robert Haas wrote:
> I don't think the first two of these proposals help anything. AIUI,
> FIPS mode is supposed to be a system wide toggle that affects
> everything on the machine. The third one might help if you can be
> compliant by just choosing not to install that extension, and the
> fourth one solves the problem by sledgehammer.
> 
> Does Linux provide some way of asking whether "fips=1" was specified
> at kernel boot time?

What you are describing only happens on Red Hat systems, I think.  They 
have built additional integration around this, which is great.  But 
that's not something you can rely on being the case on all systems, not 
even all Linux systems.


