Quick Links

Re: Allow tests to pass in OpenSSL FIPS mode

From:	Peter Eisentraut <peter(at)eisentraut(dot)org>
To:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc:	pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject:	Re: Allow tests to pass in OpenSSL FIPS mode
Date:	2023-10-06 13:46:24
Message-ID:	0a8601d4-a2ac-a5f1-b9f0-de7c00736dfa@eisentraut.org
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

On 05.10.23 22:55, Tom Lane wrote:
> I found another bit of fun we'll need to deal with: on my F38
> platform, pgcrypto/3des fails as attached. Some googling finds
> this relevant info:
>
> https://github.com/pyca/cryptography/issues/6875
>
> That is, FIPS deprecation of 3DES is happening even as we speak.
> So apparently we'll have little choice but to deal with two
> different behaviors for that.

Hmm, interesting, so maybe there should be a new openssl 3.x release at
the end of the year that addresses this?

In response to

Re: Allow tests to pass in OpenSSL FIPS mode at 2023-10-05 20:55:39 from Tom Lane

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Rares Pop (Treelet)	2023-10-06 13:55:18	Custom tstzrange with importance factored in
Previous Message	Peter Eisentraut	2023-10-06 13:44:40	Re: Allow tests to pass in OpenSSL FIPS mode