Search Postgresql Archives

FIPS-related Error: Password Must Be at Least 112 Bits on Postgres 14, Unlike in Postgres 11

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hey PostgreSQL experts,

I have encountered an issue related to FIPS mode while setting up two different configurations. The first configuration consists of PostgreSQL 11 with MD5 password encryption and FIPS mode enabled. The second configuration involves PostgreSQL 14 with scram-sha-256 password encryption and FIPS mode enabled. Both configurations can be used as a database in a cluster.

The OpenSSL version I am using is OpenSSL 1.0.2zd-fips, released on 15th March 2022.

During the cluster setup, specifically the database setup, I have observed that the first configuration sets up successfully. However, the second configuration with PostgreSQL 14 fails with the following error:

Exception in thread "main" com.safelogic.cryptocomply.crypto.fips.FipsUnapprovedOperationError: password must be at least 112 bits
	at com.safelogic.cryptocomply.crypto.fips.FipsPBKD$Parameters.<init>(FipsPBKD.java:90)
	at com.safelogic.cryptocomply.crypto.fips.FipsPBKD$Parameters.<init>(FipsPBKD.java:63)
	at com.safelogic.cryptocomply.crypto.fips.FipsPBKD$ParametersBuilder.using(FipsPBKD.java:56)
	at com.safelogic.cryptocomply.jcajce.provider.ProvPBEPBKDF2$BasePBKDF2.engineGenerateSecret(ProvPBEPBKDF2.java:249)
	at javax.crypto.SecretKeyFactory.generateSecret(SecretKeyFactory.java:336)
	at org.postgresql.shaded.com.ongres.scram.common.util.CryptoUtil.hi(CryptoUtil.java:120)
	at org.postgresql.shaded.com.ongres.scram.common.ScramMechanisms.saltedPassword(ScramMechanisms.java:154)
	at org.postgresql.shaded.com.ongres.scram.common.ScramFunctions.saltedPassword(ScramFunctions.java:59)
	at org.postgresql.shaded.com.ongres.scram.client.ScramSession$ClientFinalProcessor.<init>(ScramSession.java:196)
	at org.postgresql.shaded.com.ongres.scram.client.ScramSession$ClientFinalProcessor.<init>(ScramSession.java:163)
	at org.postgresql.shaded.com.ongres.scram.client.ScramSession$ServerFirstProcessor.clientFinalProcessor(ScramSession.java:130)
	at org.postgresql.jre7.sasl.ScramAuthenticator.processServerFirstMessage(ScramAuthenticator.java:147)
	at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:778)
	at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:161)
	at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:213)
	at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:51)
	at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:225)

I am puzzled as to why this error occurs only with PostgreSQL 14 and not with PostgreSQL 11.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux