Yes, we require SSL connections, because we have multiple clients that access the database external from the server where the database resides.

Michael

On Tue, Jan 11, 2011 at 10:36 PM, Kenneth Buckler <kenneth.buck...@gmail.com> wrote:
> Something to think about here....does your database actually require
> encryption? Or is the encryption handled between remote user and
> application?
> If your database is shared locally on the same server as your
> application, then you shouldn't need FIPS encryption since the
> communication between database and application never leaves the
> system.
> Unless you have really strict application requirements.
>
> Ken
>
> On Tue, Jan 11, 2011 at 4:03 PM, M Sabin <postg...@sabes.net> wrote:
> > Hello,
> >
> > My organization is in the process of getting a FIPS certification. I was
> > wondering if anyone has experience with getting their application FIPS
> > certified using postgres. I have read a little bit about this and saw that
> > you need to compile postgres manually using a FIPS capable version of
> > openssl.
> >
> > However, I would like to know how you handled the startup self test of
> > postgres and how you handled errors in the crypto module.
> >
> > I have started investigating compiling postgres using openssl-fips.
> > However, I run into issues when I try to run the make scripts using the
> > fipsld linker.
> >
> > The error I get is:
> > fipsld -O2 -Wall -Wmissing-prototypes -Wpointer-arith -Wdeclaration-after-statement -Wendif-labels -fno-strict-aliasing -fwrapv -DDEF_PGPORT=5432 -I../../../src/interfaces/libpq -I../../../src/include -D_GNU_SOURCE -I/usr/local/ssl/fips/include -I/usr/local/include -c -o pg_ctl.o pg_ctl.c
> > fipsld -O2 -Wall -Wmissing-prototypes -Wpointer-arith -Wdeclaration-after-statement -Wendif-labels -fno-strict-aliasing -fwrapv pg_ctl.o -L../../../src/port -l pgport -L../../../src/interfaces/libpq -lpq -L../../../src/port -L/usr/local/ssl/fips/lib -L/usr/local/lib -Wl,--as-needed -Wl,-rpath,'/usr/local/pgsql/lib' -lpgport -lssl -lcrypto -lcrypt -ldl -lm -o pg_ctl
> > ./pg_ctl: error while loading shared libraries: libpq.so.5: cannot open shared object file: No such file or directory
> >
> > Just as an FYI, I am running configure and make in the following manner:
> > > ./configure --with-includes=/usr/local/ssl/fips/include:/usr/local/include --with-libraries=/usr/local/ssl/fips/lib:/usr/local/lib --enable-shared -with-openssl --without-readline --without-zlib
> >
> > > make CC=fipsld FIPSLD_CC=gcc
> >
> > Thanks for any help