It looks like scram-sha-256 doesn't work when postgres is linked against FIPS-enabled OpenSSL and FIPS mode is turned on.
Specifically, all login attempts fail with an OpenSSL error saying something along the lines of "Low level API call to digest SHA256 forbidden in fips mode".
I think this issue could be solved by refactoring the code in sha2_openssl.c to use the OpenSSL EVP interface (see https://wiki.openssl.org/index.php/EVP_Message_Digests ).
Any thoughts? Is this a known issue?
Thank you in advance.
Alessandro
