Message-ID: <gh-pgjdbc-pgjdbc-3756@github.com>
From: "bwillnus (@bwillnus)" <noreply+bwillnus@github.com>
To: "pgjdbc/pgjdbc" <noreply+pgjdbc-pgjdbc@github.com>
Date: Sun, 10 Aug 2025 07:48:36 +0000
Subject: [pgjdbc/pgjdbc] issue #3756: Invalid SCRAM client initialization in FIPS mode
List-Id: <gh-pgjdbc-pgjdbc.github.com>
X-GitHub-Author-Id: 225661210
X-GitHub-Author-Login: bwillnus
X-GitHub-Issue: 3756
X-GitHub-Repo: pgjdbc/pgjdbc
X-GitHub-State: open
X-GitHub-Type: issue
X-GitHub-Url: https://github.com/pgjdbc/pgjdbc/issues/3756
Content-Type: text/plain; charset=utf-8

**Describe the issue**
When trying to connect from JBoss EAP 7.4.9 I see the following error:

Invalid SCRAM client initialization

The same setup works with version 42.7.3.
It also works with 42.7.7  and FIPS mode disabled. 

**Driver Version?** 
42.7.7

**Java Version?**
OpenJDK Runtime Environment (build 1.8.0_422-b05)

**OS Version?**
AlmaLinux release 8.9 (Midnight Oncilla)
FIPS enabled

**PostgreSQL Version?**
17.5
ssl = off

**To Reproduce**
Steps to reproduce the behaviour:

- Enable FIPS mode and reboot: fips-mode-setup --enable
- Configure JBoss EAP to use a Datasource with the latest driver


**Logs**
`Connecting with URL: jdbc:postgresql://xxx.xxx.xxx:5432/xyz?
adaptiveFetch=false&adaptiveFetchMaximum=-1
&adaptiveFetchMinimum=0&allowEncodingChanges=false
&autosave=never&binaryTransfer=true&binaryTransferDisable=
&binaryTransferEnable=&cancelSignalTimeout=10
&channelBinding=prefer&cleanupSavepoints=false
&connectTimeout=10&databaseMetadataCacheFields=65536
&databaseMetadataCacheFieldsMiB=5
&defaultRowFetchSize=0&disableColumnSanitiser=false
&escapeSyntaxCallMode=select&groupStartupParameters=false
&gssEncMode=allow
&gsslib=auto&gssResponseTimeout=5000&gssUseDefaultCreds=false
&hideUnprivilegedObjects=false
&hostRecheckSeconds=10&jaasApplicationName=pgjdbc
&jaasLogin=true&loadBalanceHosts=false
&loginTimeout=0&logServerErrorDetail=true
&logUnclosedConnections=false&maxSendBufferSize=8192
&preferQueryMode=extended&preparedStatementCacheQueries=128
&preparedStatementCacheSizeMiB=5
&prepareThreshold=5&protocolVersion=3&quoteReturningIdentifiers=true
&readOnly=false
&readOnlyMode=transaction&receiveBufferSize=-1
&reWriteBatchedInserts=false&sendBufferSize=-1
&socketTimeout=0&sslfactory=org.postgresql.ssl.LibPQFactory
&sslNegotiation=postgres
&sslResponseTimeout=5000&sspiServiceClass=POSTGRES
&targetServerType=master&tcpKeepAlive=false
&tcpNoDelay=true&unknownLength=2147483647
&useSpnego=false&xmlFactoryFactory=


PostgreSQL JDBC Driver 42.7.7
  setDefaultFetchSize = 0
  setPrepareThreshold = 5

Trying to establish a protocol version 3 connection to xxxx.xxx.xxx.xxx:5432
Receive Buffer Size is 183,680
Send Buffer Size is 43,520
 FE=> SSLRequest postgres
 <=BE SSLRefused
 FE=> StartupPacket(user=xxxxxxx, database=xxxxxxxxx, client_encoding=UTF8, DateStyle=ISO, TimeZone=Europe/Berlin)
channelBinding( PREFER )
 <=BE AuthenticationSASL( [SCRAM-SHA-256] )

Connection error: : org.postgresql.util.PSQLException: Invalid SCRAM client initialization
       at org.postgresql.core.v3.ScramAuthenticator.initializeScramClient(ScramAuthenticator.java:67)
       at org.postgresql.core.v3.ScramAuthenticator.<init>(ScramAuthenticator.java:45)`