Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-bugs-owner+archive@lists.postgresql.org>)
	id 1wGQoM-006D8y-0f
	for pgsql-bugs@arkaria.postgresql.org;
	Sat, 25 Apr 2026 00:23:54 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-bugs-owner+archive@lists.postgresql.org>)
	id 1wGQoL-007wfk-1S
	for pgsql-bugs@arkaria.postgresql.org;
	Sat, 25 Apr 2026 00:23:53 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <mail@joeconway.com>)
	id 1wGQoK-007wfb-1n
	for pgsql-bugs@lists.postgresql.org;
	Sat, 25 Apr 2026 00:23:53 +0000
Received: from mail-yw1-x1135.google.com ([2607:f8b0:4864:20::1135])
	by magus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.98.2)
	(envelope-from <mail@joeconway.com>)
	id 1wGQoH-00000002uG0-31uU
	for pgsql-bugs@lists.postgresql.org;
	Sat, 25 Apr 2026 00:23:52 +0000
Received: by mail-yw1-x1135.google.com with SMTP id 00721157ae682-7a4f9cf2b4eso68400717b3.3
        for <pgsql-bugs@lists.postgresql.org>; Fri, 24 Apr 2026 17:23:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=joeconway.com; s=google; t=1777076627; x=1777681427; darn=lists.postgresql.org;
        h=content-transfer-encoding:in-reply-to:from:content-language
         :references:cc:to:subject:user-agent:mime-version:date:message-id
         :from:to:cc:subject:date:message-id:reply-to;
        bh=vQYWM/lQheb6yHDeAvR4NLaUSKpuaHflTJWh5MgBirk=;
        b=oUUgU0N7y+dVtt1G0ERWOkRoBoAD2jDVYvwbt7CzAqYfxuCnn5dWsJL0ggKTMzf8aN
         NzZIIBn2epUbOx8lxGu2gYcLtQYMCI483esJ0q2bu+tWzGjHV6PVW3X+k6NB3hL1rz/0
         MBDBYaUYLhZrXwCx0VGtBFOQpShposEL2gVHl78utfiYwvsrvTgu9sAr+KEw8VC3omTY
         ySGbr0L7jeKhPZo3YcRl3eCcw3GC6WG31NgwzgnnYw89yRFT4mwcpXU85MmfJ5U9yWH9
         yUowbQB75aViNvuzjXLdiO/O2IABG0KBEUZn/r04hK4NHHuP3aXFZ7YnOOMLfbW6reX3
         esSg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1777076627; x=1777681427;
        h=content-transfer-encoding:in-reply-to:from:content-language
         :references:cc:to:subject:user-agent:mime-version:date:message-id
         :x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=vQYWM/lQheb6yHDeAvR4NLaUSKpuaHflTJWh5MgBirk=;
        b=KH+tbc5l8rviNkNgYb+IR/qOdaNxTFquj+Y3BM/lZc5yG0Hm3mzyMaOEjW+UBzmcAx
         i39GF/bd6A7YGPUKd8/Ouu8HqfmWkk9TL6Hg8gWUwkNw3Sc9s0jt0DDe3oT6Jf00lcN9
         EBb6Rr8lkY/AMDo6kUp58DNvkF+DLIlS4C43u0vYUj77DT4Y6TEIN0dxON2dkPgZMazt
         elOkWdwcgZMGunI3KicXjweO45mzfDnwjWCznMLTxYE07Yf3QO5OadIrmGDVh+RK+5Ke
         32nkhB45hfALBe/OXOBAI0mv0PPgLAec/3NMxxejIaiUvZGY8VqbMkJHMFBXnLkUU0s1
         lT/Q==
X-Forwarded-Encrypted: i=1; AFNElJ92cQwdz8N4NnRaMVK07aE49fo5ZPXu1El5pyT2E5/rnLmouuHx1q6x+cJNlsF1Mm1tXOryxP6LfMUR@lists.postgresql.org
X-Gm-Message-State: AOJu0Yy8tz01ckKW2nybzI/xgrlvAnJd2gCJCqUP8Fcxsbb0+Cv/LRQ2
	GhXP3Nia3DUq462b7U9aE6VuYyfjYiBuvIpf4A9hIcaeq8fLA+69DJMUjJz1HkrIxqA=
X-Gm-Gg: AeBDieuHAkYt3+v4CmtWXd1RdyWhUSi+dyJPNX8klg+J85B18/yJPkH3LpYvHWDfvcI
	pmmbLgD5TYuXNkK5h0/nIgycs3uNN516Ns4+YgeRpOSOTSc6dh56xy+gJ6J47oiaxyoiMQxZqkM
	YbDeefcbkI7AmdppLtvoEnEpl485+C9GneaH/M0+H+BbR2euSAO0TeN4E0tfvCeX6Y7RNsZj54J
	4N6zvUAlANJuo//5+20l0DotDwiUfOG1koYk5akm+Yytod3isVp57j8mGCuosXXjdxEw2Jf9Wrn
	i6TRkjyKzGa0rZCH3dktnKg//XZRoOPxOvaMSRm4KQaX5I8z22BnG3kJq3MJKmnxzRu28c+P+ef
	iyA8IAt5SbxEDgn1tR61vbefz6JCmFQ29vps49jw4hCb4aoxgr9oomtKSg5NR0G75aRskKZ7iNJ
	B6uhOotrBSi6ES3BrxKJqD3EO/fgqYgxnhlEE=
X-Received: by 2002:a05:690c:a047:b0:7b1:3579:2efd with SMTP id 00721157ae682-7b9ecfc8857mr275398517b3.39.1777076627205;
        Fri, 24 Apr 2026 17:23:47 -0700 (PDT)
Received: from [192.168.4.42] ([46.110.138.68])
        by smtp.gmail.com with ESMTPSA id 00721157ae682-7b9ee9b1c4dsm99116817b3.33.2026.04.24.17.23.45
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Fri, 24 Apr 2026 17:23:46 -0700 (PDT)
Message-ID: <4ab05a1f-f709-4ba1-b9d4-5d3ded89f7b8@joeconway.com>
Date: Fri, 24 Apr 2026 20:23:45 -0400
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: BUG #19457: RE: pgp_sym_encrypt silently accepts non-FIPS ciphers
 (bf, cast5, 3des) when OpenSSL is in FIPS mod
To: Michael Paquier <michael@paquier.xyz>, Daniel Gustafsson <daniel@yesql.se>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, ansh01072001@gmail.com,
 pgsql-bugs@lists.postgresql.org
References: <19457-4bab15c17aea36c7@postgresql.org>
 <3A2299BC-1684-4CEB-BD65-1DEBFB446F24@yesql.se>
 <aervokmPnxlO6Oqs@paquier.xyz>
 <99F0B98C-2276-4C01-B553-BDD0806CAEEF@yesql.se>
 <1612210.1777041534@sss.pgh.pa.us>
 <71c66a3b-4c0d-447b-8b84-ef15ac047561@joeconway.com>
 <98BDEEAC-A401-41D8-B9C0-A1EBEBF2E08E@yesql.se>
 <aevvZLh_lYs-jo-s@paquier.xyz>
Content-Language: en-US
From: Joe Conway <mail@joeconway.com>
In-Reply-To: <aevvZLh_lYs-jo-s@paquier.xyz>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
List-Id: <pgsql-bugs.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-bugs@lists.postgresql.org>
List-Owner: <mailto:pgsql-bugs-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-bugs>
Archived-At: <https://www.postgresql.org/message-id/4ab05a1f-f709-4ba1-b9d4-5d3ded89f7b8%40joeconway.com>
Precedence: bulk

On 4/24/26 18:32, Michael Paquier wrote:
> He has added a paragraph about the set of ciphers that are allowed
> in FIPS.  Do we actually need to mention these explicitely? Perhaps
> a link to an external source would be more adapted?  I am not
> convinced that this is a good addition for pgcrypto, but feel free
> to disagree.


+1 for a link to an external source, specifically the official NIST 
reference I would think.

-- 
Joe Conway
PostgreSQL Contributors Team
Amazon Web Services: https://aws.amazon.com