| If any uncommented lines in \pg_hba.conf do not start with "hostssl", this is a finding. |
The "ssleay32_dll" and "libeay32.dll" files in \bin should be FIPS 140-2 compliant DLLs from EnterpriseDB. These are included in EDB Postgres Advanced Server v11 update 6 (i.e., 11.6) and greater.
If the installed EDB v11 is not update 11.6 or greater, this is a finding.
If C:\usr\local\ssl\openssl.cnf does not exist with these contents, or if an System Environment variable called OPENSSL_CONF pointing to a file with these contents has not been created, this is a finding:
HOME = .
RANDFILE = $ENV::HOME/.rnd