> > So, my question is this: In FIPS mode, what would cause the random
> > number generation to not initialize?
>
> I remember that Red Hat's version of "FIPS mode" involved crypto
> features (including RNGs) just refusing to work in modes deemed
> inadequately secure. So my guess is that psql is trying to configure
> OpenSSL with some inadequately-secure settings. Not sure why it'd be
> different from the server though. Are you sure psql and the libpq it's
> using are same version as the apparently-working server?
>
> regards, tom lane
Hi, Tom.
Thanks for the quick reply. I'll look into the settings and see what I can find.
I double checked the installed packages and they seem to be from my same postgresql build (i.e. note my timestamp of
1459281538):
# dpkg -l | grep postgres
ii postgresql-9.3 9.3.10-0ubuntu0.14.04~et1~fips~2.0.9~1459281538 amd64 object-relational
SQLdatabase, version 9.3 server
ii postgresql-9.3-dbg 9.3.10-0ubuntu0.14.04~et1~fips~2.0.9~1459281538 amd64 debug symbols for
postgresql-9.3
ii postgresql-client-9.3 9.3.10-0ubuntu0.14.04~et1~fips~2.0.9~1459281538 amd64 front-end programs
forPostgreSQL 9.3
ii postgresql-client-common 154-et1~fips~2.0.9~1459281538 all manager for
multiplePostgreSQL client versions
ii postgresql-common 154-et1~fips~2.0.9~1459281538 all PostgreSQL
database-clustermanager
ii postgresql-contrib-9.3 9.3.10-0ubuntu0.14.04~et1~fips~2.0.9~1459281538 amd64 additional
facilitiesfor PostgreSQL
ii postgresql-json-build 1.1.0-et3 amd64 json_build
extensionfor postgresql
ii postgresql-plpython-9.3 9.3.10-0ubuntu0.14.04~et1~fips~2.0.9~1459281538 amd64 PL/Python
procedurallanguage for PostgreSQL 9.3
# dpkg -l | grep libpq
ii libpq5 9.3.10-0ubuntu0.14.04~et1~fips~2.0.9~1459281538 amd64 PostgreSQL C
clientlibrary
# dpkg -S /usr/bin/psql
postgresql-client-common: /usr/bin/psql
# dpkg -S /usr/lib/postgresql/9.3/bin/postgres
postgresql-9.3: /usr/lib/postgresql/9.3/bin/postgres
# psql -h 127.0.0.1 -U postgres -d sslmode=require
psql: SSL SYSCALL error (0): EOF detected, err=5
So, I believe that psql and libpq are from the same version as the currently working server.
Regards,
Rodney