Hey PostgreSQL experts,
I have encountered an issue related to FIPS mode while setting up two different configurations. The first configuration consists of PostgreSQL 11 with MD5 password encryption and FIPS mode enabled. The second configuration involves PostgreSQL 14 with scram-sha-256 password encryption and FIPS mode enabled. Both configurations can be used as a database in a cluster.
The OpenSSL version I am using is OpenSSL 1.0.2zd-fips, released on 15th March 2022.
During the cluster setup, specifically the database setup, I have observed that the first configuration sets up successfully. However, the second configuration with PostgreSQL 14 fails with the following error:
Exception in thread "main" com.safelogic.cryptocomply.crypto.fips.FipsUnapprovedOperationError: password must be at least 112 bits
    at com.safelogic.cryptocomply.crypto.fips.FipsPBKD$Parameters.<init>(FipsPBKD.java:90)
    at com.safelogic.cryptocomply.crypto.fips.FipsPBKD$Parameters.<init>(FipsPBKD.java:63)
    at com.safelogic.cryptocomply.crypto.fips.FipsPBKD$ParametersBuilder.using(FipsPBKD.java:56)
    at com.safelogic.cryptocomply.jcajce.provider.ProvPBEPBKDF2$BasePBKDF2.engineGenerateSecret(ProvPBEPBKDF2.java:249)
    at javax.crypto.SecretKeyFactory.generateSecret(SecretKeyFactory.java:336)
    at org.postgresql.shaded.com.ongres.scram.common.util.CryptoUtil.hi(CryptoUtil.java:120)
    at org.postgresql.shaded.com.ongres.scram.common.ScramMechanisms.saltedPassword(ScramMechanisms.java:154)
    at org.postgresql.shaded.com.ongres.scram.common.ScramFunctions.saltedPassword(ScramFunctions.java:59)
    at org.postgresql.shaded.com.ongres.scram.client.ScramSession$ClientFinalProcessor.<init>(ScramSession.java:196)
    at org.postgresql.shaded.com.ongres.scram.client.ScramSession$ClientFinalProcessor.<init>(ScramSession.java:163)
    at org.postgresql.shaded.com.ongres.scram.client.ScramSession$ServerFirstProcessor.clientFinalProcessor(ScramSession.java:130)
    at org.postgresql.jre7.sasl.ScramAuthenticator.processServerFirstMessage(ScramAuthenticator.java:147)
    at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:778)
    at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:161)
    at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:213)
    at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:51)
    at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:225)
I am puzzled as to why this error occurs only with PostgreSQL 14 and not with PostgreSQL 11.
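
Added example, not part of the original post and not code from the PostgreSQL driver or the FIPS module: the trace shows the error being raised inside PBKDF2 (FipsPBKD), reached from the SCRAM client's saltedPassword step, so this Python sketch reproduces that step with a length guard and audits a set of role passwords against it. The function names, the sample roles and passwords, and the rule that length is counted over the UTF-8 bytes of the password are assumptions; only the 112-bit threshold comes from the error message.

```python
import hashlib
import hmac

MIN_PASSWORD_BITS = 112  # threshold quoted in the error message above


class UnapprovedPassword(ValueError):
    """Hypothetical stand-in for the module's FipsUnapprovedOperationError."""


def salted_password(password, salt, iterations, approved_only=True):
    """SCRAM-SHA-256 SaltedPassword = Hi(password, salt, i) = PBKDF2-HMAC-SHA-256.
    SASLprep normalisation is omitted here: ASCII passwords are assumed."""
    raw = password.encode("utf-8")
    bits = len(raw) * 8
    # Assumption: the length check is applied to the encoded password bytes.
    if approved_only and bits < MIN_PASSWORD_BITS:
        raise UnapprovedPassword("password must be at least 112 bits (got %d)" % bits)
    return hashlib.pbkdf2_hmac("sha256", raw, salt, iterations, dklen=32)


def stored_key(salted):
    """StoredKey = H(HMAC(SaltedPassword, "Client Key")), as defined in RFC 5802."""
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    return hashlib.sha256(client_key).digest()


def audit(credentials, salt=b"constructed-salt", iterations=4096):
    """Map each role to True if its password passes the guard, else False."""
    result = {}
    for role, password in credentials.items():
        try:
            stored_key(salted_password(password, salt, iterations))
            result[role] = True
        except UnapprovedPassword:
            result[role] = False
    return result


# Constructed sample roles and passwords, not taken from the post.
SAMPLE = {
    "app_rw": "pencil",                 # 6 bytes = 48 bits
    "replicator": "thirteen-char",      # 13 bytes = 104 bits
    "cluster_admin": "fourteen-chars",  # 14 bytes = exactly 112 bits
}

if __name__ == "__main__":
    for role, ok in audit(SAMPLE).items():
        print(role, "ok" if ok else "too short for approved-mode PBKDF2")
```

PostgreSQL's md5 authentication never computes PBKDF2, so a short password used with it would not reach a check of this kind.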