Re: BUG #19335: the function encrypt does not work correct - ERROR: encrypt error: Key was too big
| От | Daniel Gustafsson |
|---|---|
| Тема | Re: BUG #19335: the function encrypt does not work correct - ERROR: encrypt error: Key was too big |
| Дата | |
| Msg-id | 7D06DFB4-49AE-44C3-80B1-69AFF15FF44D@yesql.se обсуждение исходный текст |
| Ответ на | Re: BUG #19335: the function encrypt does not work correct - ERROR: encrypt error: Key was too big (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-bugs |
> On 28 Nov 2025, at 19:29, Tom Lane <tgl@sss.pgh.pa.us> wrote: > > Daniel Gustafsson <daniel@yesql.se> writes: >> On 28 Nov 2025, at 11:38, <Marco.Lebahn@kfw.de> <Marco.Lebahn@kfw.de> wrote: >>> It seems that < 16.11 does and not check if I use "bf" from legacy provider > >> OpenSSL doesn't support blowfish without the legacy provider loaded. Your >> 16.10 is most likely linked against another version of OpenSSL, or at least >> using another OpenSSL configuration/openssldir. > > It seems quite odd that this changed at a minor PG version update. > I wonder if there was an upgrade of the underlying platform at the > same time, or if the new version was built by a different packager. Agreed, there must have been something else changing at the same time. > I confirmed on a fresh Fedora installation (with OpenSSL 3.2.6) > that it works as Daniel described. Blowfish and other old ciphers > don't work with the out-of-the-box OpenSSL configuration, but if > you edit `openssl info -configdir`/openssl.cnf and uncomment the > lines that enable the legacy provider, it will work. Thanks for confirming! -- Daniel Gustafsson
В списке pgsql-bugs по дате отправления: