We recently upgraded to version 8.4.18 within our product but this upgrade has caused SSL connections to fail when OpenSSL is in FIPS mode.
We receive the following error: 2014-02-20 01:44:23 PST [9339]: [1-1] db=[unknown],user=[unknown] LOG: could not accept SSL connection: decryption failed or bad record mac
While looking through the recent changes, we found that commenting out the "RAND_cleanup();" call in "src/backend/postmaster/fork_process.c" allows the connection to succeed.
Any ideas on why this "RAND_cleanup();" would cause SSL failure in FIPS mode? Is there a work around? Or is this possibly a known issue?