Re: pgAdmin4 v6.21 on RHEL7.9 with FIPS enabled

Is there a version of pgadmin4 certified with FIPS and RHEL 8 available for download?

If no official release available, do we know when it would be available?

Many thanks,

Daxu Yin
410-340-5842

On Monday, May 29, 2023 at 12:12:47 AM EDT, Khushboo Vashi <khushboo.vashi@enterprisedb.com> wrote:

Hi,

On Fri, May 26, 2023 at 8:47 PM Daxu Yin <daxuyin@yahoo.com> wrote:

Hi, 

I am new to this list, please forgive me if I am submitting the following to the wrong place.

We've just installed pgAdmin4 web mode on RHEL7.9.

Once we started the httpd service, we couldn't login the system, the webpage spins forever.

The error message is attached below.

The RHEL 7.9 we use has FIPS enabled, e.g. cat /proc/sys/crypto/fips_enabled has a value of 1.

It seems the version of pgAdmin4, 6.21, still uses MD5, which is not allowed by FIPS.

I'd highly appreciate if anyone could let us know:

1. Is there a version of pgAdmin4 on RHEL 7.9 that supports FIPS?

2. Is there any plan down the road that pgAdmin4 would support FIPS on RHEL 7.9?

3. Is there any way to get around the issue?

Many thanks in advance,

==============Error msg in pgadmin log file =========================

2023-05-16 03:04:13,593: ERROR  pgadmin:        [digital envelope routines: EVP_DigestInit_ex] disabled for fips

Traceback (most recent call last):

  File "/usr/pgadmin4/venv/lib64/python3.6/site-packages/flask/app.py", line 1516, in full_dispatch_request

    rv = self.dispatch_request()

  File "/usr/pgadmin4/venv/lib64/python3.6/site-packages/flask/app.py", line 1502, in dispatch_request

Connection to 10.138.182.10 closed by remote host.le.endpoint])(**req.view_args)

Connection to 10.138.182.10 closed.thon3.6/site-packages/flask_login/utils.py", line 272, in decorated_view

[daxu@ip-192-168-40-129 ~]$ rgs)

  File "/usr/pgadmin4/web/pgadmin/browser/__init__.py", line 634, in utils

    current_ui_lock=current_ui_lock

  File "/usr/pgadmin4/venv/lib64/python3.6/site-packages/flask/templating.py", line 150, in render_template

    ctx.app,

  File "/usr/pgadmin4/venv/lib64/python3.6/site-packages/flask/templating.py", line 128, in _render

    rv = template.render(context)

  File "/usr/pgadmin4/venv/lib64/python3.6/site-packages/jinja2/environment.py", line 1291, in render

    self.environment.handle_exception()

  File "/usr/pgadmin4/venv/lib64/python3.6/site-packages/jinja2/environment.py", line 925, in handle_exception

    raise rewrite_traceback_stack(source=source)

  File "/usr/pgadmin4/web/pgadmin/browser/templates/browser/js/utils.js", line 119, in top-level template code

    gravatar: {% if config.SHOW_GRAVATAR_IMAGE %}'{{ username | gravatar }}'{% else %}''{% endif %},

  File "/usr/pgadmin4/venv/lib64/python3.6/site-packages/flask_gravatar/__init__.py", line 151, in __call__

    hash = hashlib.md5(email.encode('utf-8')).hexdigest()

ValueError: [digital envelope routines: EVP_DigestInit_ex] disabled for fips

This issue is reported here: https://bugzilla.redhat.com/show_bug.cgi?id=1744670. 

And the target version for the fix is RHEL 8.0

Thanks,

Khushboo

Daxu Yin
410-340-5842