> On 20 Feb 2026, at 17:07, Tom Lane <[email protected]> wrote:

> My concern about the fix you suggest is that we won't be testing the
> same thing that people in the field will be using.

Yes and no. Folks can configure this (and other ssl_* settings) in lots of different ways which are all disjoint from our default.

> I'd rather test the normal configuration
> normally and make people who want to run the test on a FIPS platform
> do something different.

How about a function in Cluster.pm which returns whether the underlying OpenSSL is using FIPS or not, and if it does we adjust the config to make it not fail on an unallowed group? That way we can have a CI job that runs with FIPS and the adjusted test config, and the rest - along with the Buildfarm - runs the default config.

--
Daniel Gustafsson
