| From: | Michael Paquier <michael(at)paquier(dot)xyz> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | "McDermott, Becky" <bmcderm(at)sandia(dot)gov>, "pgsql-jdbc(at)lists(dot)postgresql(dot)org" <pgsql-jdbc(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Java client connection problem on FIPS enabled hosts (with password_encryption = scram-sha-256) |
| Date: | 2022-03-22 23:25:06 |
| Message-ID: | Yjpauv3HLvdrPFzf@paquier.xyz |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-jdbc |
On Tue, Mar 22, 2022 at 06:54:29PM -0400, Tom Lane wrote:
> I worried about that too in the earlier pgsql-general thread. But the
> Java exception trace looks like the error is being thrown client-side.
> Also Becky says she can connect successfully with psql, which indicates
> that the server-side stack is not subject to those problems you mentioned.
I don't know enough about the JDBC driver to be sure, but that would
mean that the code path related to processServerFirstMessage in the
JDBC driver is taken after the backend has computed the SHA-256 hash
for the mock authentication (first SHA-2 computed in the exchange so
the backend would crash first with a libpq exchange). Anyway, I also
got the impression that this was an initialization stack.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2022-03-22 23:26:55 | Re: [EXTERNAL] Re: Java client connection problem on FIPS enabled hosts (with password_encryption = scram-sha-256) |
| Previous Message | McDermott, Becky | 2022-03-22 23:00:04 | RE: [EXTERNAL] Re: Java client connection problem on FIPS enabled hosts (with password_encryption = scram-sha-256) |