"McDermott, Becky" <bmcd...@sandia.gov> writes:
> We have a requirement to run all of our applications on FIPS enabled hosts.
> Is it possible to install and successfully run postgreql on a FIPS enabled
> host?
We do test that case from time to time, but not regularly.
> We currently run postgres ina container that is executing on a FIPS enabled
> host with the setting: password_encryption = scram-sha-256
> And none of our Java clients can connect to the postgresql database. If we
> run postgresql on a non-FIPS enabled host, everything works fine.
It sounds like something thinks that scram-sha-256 encryption is
disallowed by FIPS. That may or may not be accurate. If it's
supposed to be allowed, you'd need to poke a little harder to
narrow down where the problem is.
(Digging in our commit logs, it looks like version 14.2 has some
changes that might make this work better than it did in older
versions; but I can't tell from the log messages whether the
issue being fixed was new-in-14 or not.)
regards, tom lane
