Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-bugs-owner+archive@lists.postgresql.org>)
	id 1wGHgQ-0064GV-2M
	for pgsql-bugs@arkaria.postgresql.org;
	Fri, 24 Apr 2026 14:39:07 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-bugs-owner+archive@lists.postgresql.org>)
	id 1wGHgP-006qJk-2M
	for pgsql-bugs@arkaria.postgresql.org;
	Fri, 24 Apr 2026 14:39:05 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <tgl@sss.pgh.pa.us>)
	id 1wGHgP-006qG3-1V
	for pgsql-bugs@lists.postgresql.org;
	Fri, 24 Apr 2026 14:39:05 +0000
Received: from sss.pgh.pa.us ([68.162.161.243])
	by magus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.98.2)
	(envelope-from <tgl@sss.pgh.pa.us>)
	id 1wGHgI-00000002q2O-0N95
	for pgsql-bugs@lists.postgresql.org;
	Fri, 24 Apr 2026 14:39:00 +0000
Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1])
	by sss.pgh.pa.us (8.15.2/8.15.2) with ESMTP id 63OEcsPJ1612211;
	Fri, 24 Apr 2026 10:38:54 -0400
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Daniel Gustafsson <daniel@yesql.se>
cc: Michael Paquier <michael@paquier.xyz>, ansh01072001@gmail.com,
        pgsql-bugs@lists.postgresql.org
Subject: Re: BUG #19457: RE: pgp_sym_encrypt silently accepts non-FIPS ciphers (bf, cast5, 3des) when OpenSSL is in FIPS mod
In-reply-to: <99F0B98C-2276-4C01-B553-BDD0806CAEEF@yesql.se>
References: <19457-4bab15c17aea36c7@postgresql.org> <3A2299BC-1684-4CEB-BD65-1DEBFB446F24@yesql.se> <aervokmPnxlO6Oqs@paquier.xyz> <99F0B98C-2276-4C01-B553-BDD0806CAEEF@yesql.se>
Comments: In-reply-to Daniel Gustafsson <daniel@yesql.se>
	message dated "Fri, 24 Apr 2026 10:11:04 +0200"
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <1612209.1777041534.1@sss.pgh.pa.us>
Content-Transfer-Encoding: quoted-printable
Date: Fri, 24 Apr 2026 10:38:54 -0400
Message-ID: <1612210.1777041534@sss.pgh.pa.us>
List-Id: <pgsql-bugs.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-bugs@lists.postgresql.org>
List-Owner: <mailto:pgsql-bugs-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-bugs>
Archived-At: <https://www.postgresql.org/message-id/1612210.1777041534%40sss.pgh.pa.us>
Precedence: bulk

Daniel Gustafsson <daniel@yesql.se> writes:
>> On 24 Apr 2026, at 06:20, Michael Paquier <michael@paquier.xyz> wrote:
>> I am interesting in getting that fixed for the next point release, so
>> I have given it a try, finishing with the attached.  This would cause
>> pgp_sym_encrypt() and pgp_sym_decrypt() to complain when the builtin
>> mode is disabled, making things more consistent with the surroundings.

> I'm not convinced this is material for a minor release, the feature work=
s as
> documented and it was never documented to cover PGP.  Re-reading the thr=
ead PGP
> was never discussed, and while that admittedly seem like an oversight do=
ing
> this in a minor release will alter documented behaviour which is general=
ly not
> what we want to do.

I sympathize with that argument, but ... people who are running in
FIPS mode are probably doing so because they have contractual or legal
obligations to meet that standard.  A person who could be in hot water
if they are accidentally running disallowed crypto would see this as a
dangerous bug.  A person who does not care should not be using FIPS
mode.

			regards, tom lane