> Is FIPS enabled on the host holding the PostgreSQL instance? I am afraid that you may run to run into problems in
thiscase, in the shape of a crash in > > the backend.
FIPS is enabled on each of our Kubernetes cluster nodes. We are running our application as Kubernetes deployments. I
haveobserved the following:
1) The Postgres pod itself reaches a "Running" state
2) I have another pod in the same namespace with psql installed and I can exec into this pod and successfully connect
topostgres and run SQL select statements
3) All other application pods (java services) that connect to postgres do NOT reach a "Running" state and their logs
arefull of messages stating a connection cannot be established with a cause indicating " Unsupported PBKDF2 for
SCRAM-SHA-256"
I am not a Java developer so I'm not sure how the postgres encryption method (SCRAM_SHA-256) was setup other than what
Ican see in the files:
- postgresql.conf
- pg_hba.conf
Our developers are going to transition to working on this in a few weeks. I don't know enough about password
encryptionbut it looks like we are using an unsupported algorithm on the java client side.
> Postgres 14 is able to work by going through the EVP layer for its
> SHA-2 computations, instead.
Should we be looking at upgrading Postgres to version 14?