| From: | Joe Conway <mail(at)joeconway(dot)com> |
|---|---|
| To: | chiru r <chirupg(at)gmail(dot)com> |
| Cc: | PostgreSQL-general <pgsql-general(at)postgreSQL(dot)org> |
| Subject: | Re: [HACKERS] OpeSSL - PostgreSQL |
| Date: | 2017-11-10 02:47:55 |
| Message-ID: | f92ea404-77ea-34a1-1af2-f5cdc1fcec60@joeconway.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general pgsql-hackers |
On 11/09/2017 05:52 PM, chiru r wrote:
> If OpenSSL apply any patches at OS level, Is there any
> changes/maintenance we need to perform at PostgreSQL end?
>
> On Thu, Nov 9, 2017 at 5:46 PM, Joe Conway wrote:
>> Assuming you mean that you need only FIPS 140-2 compliant ciphers, you
>> would want to configure the OS for system-wide FIPS compliance. See:
>>
>> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/chap-federal_standards_and_regulations
If you enable FIPS at the OS level on a RHEL 7.x system per that link,
Postgres will automatically be using SSL in fips-mode, nothing specific
you need to (or actually, even can) do.
Joe
--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development
| From | Date | Subject | |
|---|---|---|---|
| Next Message | hmidi slim | 2017-11-10 09:16:06 | Spelling dictionaries |
| Previous Message | chiru r | 2017-11-10 01:52:32 | Re: [HACKERS] OpeSSL - PostgreSQL |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2017-11-10 02:50:50 | Re: Simplify ACL handling for large objects and removal of superuser() checks |
| Previous Message | Amit Kapila | 2017-11-10 02:31:22 | Re: [POC] Faster processing at Gather node |