Hello,
Can you provide more information?
Which keys are you using, etc?
TBH I'm not sure if we have issues in FIPS mode, but I would certainly like to find out how to fix this.
I need more detailed information however such as how the keys were created and presented to the driver.
Dave
Dave Cramer
www.postgres.rocks
Hi,
Postgresql server 13.4 on RHEL8.4 FIPS, JAVA client use Postgres JDBC driver 42.3.3 to connect to database with TLS/SSL. Without fips mode, it’s ok to login with TLSv1.2 and default SSL parameters, but when enable fips mode on JAVA client side. It failed in below error:
at java.lang.Thread.run(Thread.java:750) │
│ Caused by: java.lang.RuntimeException: Platform error: unsupported key for HMAC algorithm │
│ at org.postgresql.shaded.com.ongres.scram.common.util.CryptoUtil.hmac(CryptoUtil.java:147) │
│ at org.postgresql.shaded.com.ongres.scram.common.ScramMechanisms.hmac(ScramMechanisms.java:143) │
│ at org.postgresql.shaded.com.ongres.scram.common.ScramFunctions.hmac(ScramFunctions.java:70) │
│ at org.postgresql.shaded.com.ongres.scram.common.ScramFunctions.clientKey(ScramFunctions.java:85) │
│ at org.postgresql.shaded.com.ongres.scram.client.ScramSession$ClientFinalProcessor.<init>(ScramSession.java:188) │
│ at org.postgresql.shaded.com.ongres.scram.client.ScramSession$ClientFinalProcessor.<init>(ScramSession.java:194) │
│ at org.postgresql.shaded.com.ongres.scram.client.ScramSession$ClientFinalProcessor.<init>(ScramSession.java:163) │
│ at org.postgresql.shaded.com.ongres.scram.client.ScramSession$ServerFirstProcessor.clientFinalProcessor(ScramSession.java:130) │
│ at org.postgresql.jre7.sasl.ScramAuthenticator.processServerFirstMessage(ScramAuthenticator.java:147) │
│ at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication(ConnectionFactoryImpl.java:816) │
│ at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect(ConnectionFactoryImpl.java:180) │
│ at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:235) │
│ at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49) │
│ at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:223) │
│ at org.postgresql.Driver.makeConnection(Driver.java:400) │
│ at org.postgresql.Driver.connect(Driver.java:259) │
│ ... 220 more
does Postgres JDBC driver support JVM FIPS mode to connect to Postgresql database ? from postgresql jdbc driver not able to connect in FIPS mode - Red Hat Customer Portal , that show Postgresql jdbc driver does not support JVM in FIPS mode in RHEL8 .
Thanks,
James