On 11/09/2017 05:52 PM, chiru r wrote:
> If OpenSSL apply any patches at OS level, Is there any
> changes/maintenance we need to perform at PostgreSQL end?
>
> On Thu, Nov 9, 2017 at 5:46 PM, Joe Conway wrote:
>> Assuming you mean that you need only FIPS 140-2 compliant ciphers, you
>> would want to configure the OS for system-wide FIPS compliance. See:
>>
>>
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/chap-federal_standards_and_regulations
If you enable FIPS at the OS level on a RHEL 7.x system per that link,
Postgres will automatically be using SSL in fips-mode, nothing specific
you need to (or actually, even can) do.
Joe
--
Crunchy Data - http://crunchydata.com
PostgreSQL Support for Secure Enterprises
Consulting, Training, & Open Source Development