Re: BUG #19457: RE: pgp_sym_encrypt silently accepts non-FIPS ciphers (bf, cast5, 3des) when OpenSSL is in FIPS mod

From: Joe Conway <mail(at)joeconway(dot)com>
To: Michael Paquier <michael(at)paquier(dot)xyz>, Daniel Gustafsson <daniel(at)yesql(dot)se>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, ansh01072001(at)gmail(dot)com, pgsql-bugs(at)lists(dot)postgresql(dot)org
Subject: Re: BUG #19457: RE: pgp_sym_encrypt silently accepts non-FIPS ciphers (bf, cast5, 3des) when OpenSSL is in FIPS mod
Date: 2026-04-25 00:23:45
Message-ID: 4ab05a1f-f709-4ba1-b9d4-5d3ded89f7b8@joeconway.com
Views: Whole Thread | Raw Message | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

On 4/24/26 18:32, Michael Paquier wrote:
> He has added a paragraph about the set of ciphers that are allowed
> in FIPS. Do we actually need to mention these explicitely? Perhaps
> a link to an external source would be more adapted? I am not
> convinced that this is a good addition for pgcrypto, but feel free
> to disagree.

+1 for a link to an external source, specifically the official NIST
reference I would think.

--
Joe Conway
PostgreSQL Contributors Team
Amazon Web Services: https://aws.amazon.com

In response to

Browse pgsql-bugs by date

  From Date Subject
Next Message Shishir Sharma 2026-04-25 06:08:50 Re: BUG #19457: RE: pgp_sym_encrypt silently accepts non-FIPS ciphers (bf, cast5, 3des) when OpenSSL is in FIPS mod
Previous Message Christophe Pettus 2026-04-25 00:19:44 uuidv7 improperly accepts dates before 1970-01-01