RE: [EXTERNAL] Re: Java client connection problem on FIPS enabled hosts (with password_encryption = scram-sha-256)

From: "McDermott, Becky" <bmcderm(at)sandia(dot)gov>
To: Dave Cramer <davecramer(at)postgres(dot)rocks>
Cc: Sehrope Sarkuni <sehrope(at)jackdb(dot)com>, Michael Paquier <michael(at)paquier(dot)xyz>, "pgsql-jdbc(at)lists(dot)postgresql(dot)org" <pgsql-jdbc(at)lists(dot)postgresql(dot)org>
Subject: RE: [EXTERNAL] Re: Java client connection problem on FIPS enabled hosts (with password_encryption = scram-sha-256)
Date: 2022-03-28 14:07:17
Message-ID: BY3PR09MB86273A0A01898516783D7F23C81D9@BY3PR09MB8627.namprd09.prod.outlook.com
Views: Whole Thread | Raw Message | Download mbox | Resend email
Thread:
Lists: pgsql-jdbc

>> From: Dave Cramer <davecramer(at)postgres(dot)rocks>
>> Sent: Friday, March 25, 2022 7:17 AM
>>
>> I just tried this on openjdk 11.0.1 on macos and it works fine. It may be a specific problem with the openjdk built by the vendor you are using (I presume redhat?)

Thank you so much for letting me know that openjdk worked for you. We are building our base Java Docker image (that our Java services and my simple example runs in) from Iron Bank Redhat Universal Base Image (UBI) 8 and then installing Java into the image:

# java
ARG JAVA_MAJOR_VERSION=11
ARG JAVA_VERSION=1:11.0.14.0.9-2.el8*
ENV JAVA_HOME /usr/lib/jvm/java-${JAVA_MAJOR_VERSION}-openjdk

dnf install java-${JAVA_MAJOR_VERSION}-openjdk-devel-${JAVA_VERSION}

I will work with someone on my team that understands the base images better. It is my understanding that we are building our own base Java image from Redhat UBI 8. Maybe there is something more we need to do to make sure the crypto libraries get installed?

Thanks,
Becky

In response to

Responses

Browse pgsql-jdbc by date

  From Date Subject
Next Message Dave Cramer 2022-03-28 15:03:39 Re: [EXTERNAL] Re: Java client connection problem on FIPS enabled hosts (with password_encryption = scram-sha-256)
Previous Message McDermott, Becky 2022-03-28 13:56:21 RE: [EXTERNAL] Re: Java client connection problem on FIPS enabled hosts (with password_encryption = scram-sha-256)