To utilize openssl FIPS, you have to explicitly enable it, per the FIPS
user guide: https://www.openssl.org/docs/fips/UserGuide-2.0.pdf
So, my target would be redhat/centos where openssl FIPS is
certified/available, and then add a configuration parameter to enable it
(much like Apache HTTPD's SSLF
On 06/23/2017 10:51 PM, Tom Lane wrote:
> Michael Paquier writes:
>> On Sat, Jun 24, 2017 at 12:56 PM, Curtis Ruck
>> wrote:
>>> If I clean this up some, maintain styleguide, what is the likely hood of
>>> getting this included in the redhat packages, since redhat ships a certified
>>> FIPS imple
Michael Paquier writes:
> On Sat, Jun 24, 2017 at 12:56 PM, Curtis Ruck
> wrote:
>> If I clean this up some, maintain styleguide, what is the likely hood of
>> getting this included in the redhat packages, since redhat ships a certified
>> FIPS implementation?
> So they are applying a custom pat
On Sat, Jun 24, 2017 at 12:56 PM, Curtis Ruck
wrote:
> I've got a requirement for enabling FIPS support in our environment.
> Looking at postgresql's be-secure-openssl.c and mucking with it, it seems
> fairly straight forward to just add a few ifdefs and enable fips with a new
> configure flag and
I've got a requirement for enabling FIPS support in our environment.
Looking at postgresql's be-secure-openssl.c and mucking with it, it seems
fairly straight forward to just add a few ifdefs and enable fips with a new
configure flag and a new postgresql.conf configuration setting.
If I clean this