[ol8_baseos_latest] crypto-policies-20210617-1.gitc776d3e.el8.noarch

This package provides pre-built configuration files with
cryptographic policies for various cryptographic back-ends,
such as SSL/TLS libraries.

Changelog (Show File list) (Show related packages)

• Thu Jun 17 2021 Alexander Sosedkin <asosedkin@redhat.com> - 20210617-1.gitc776d3e

  - implement scoped policies, e.g., cipher@SSH = ... (#1960266)
  - implement algorithm globbing, e.g., cipher@SSH = -*-CBC
  - deprecate derived properties:
    tls_cipher, ssh_cipher, ssh_group, ike_protocol
  - deprecate sha1_in_dnssec property
  - deprecate unscoped form of protocol property
  - update documentation
  - expand upstream test coverage
  - openssl: set MinProtocol / MaxProtocol separately for TLS and DTLS (#1946522)
  - support AES-192 ciphers in custom policies for non-TLS scenarios (#1876846)
  - stop claiming Camellia is disabled (#1925104)
  - disable CBC ciphers in FUTURE for everything but Kerberos (#1933016)
  - drop SHA224 from signature algorithms in FIPS:OSPP (#1934755)
  - condition ecdh-sha2-nistp384 on SECP384R1

• Tue Feb 09 2021 Alexander Sosedkin <asosedkin@redhat.com> - 20210209-1.gitbfb6bed

  - OSPP subpolicy: tweak for RHEL-8.3+
  - libssh: respect ssh_certs

• Mon Jul 13 2020 Tomáš Mráz <tmraz@redhat.com> - 20200713-1.git51d1222

  - OSPP subpolicy: remove AES-CCM
  - openssl: handle the AES-CCM removal properly

• Wed Jul 01 2020 Tomáš Mráz <tmraz@redhat.com> - 20200629-1.git806b5d3

  - disallow X448/ED448 in FIPS policy with gnutls >= 3.6.12
  - add AD-SUPPORT policy module

• Wed Jun 10 2020 Tomáš Mráz <tmraz@redhat.com> - 20200610-1.git0ac8b1f

  - fallback to FIPS policy instead of the default-config in FIPS mode
  - java: Document properly how to override the crypto policy
  - krb5: No support for 3des anymore
  - reorder the signature algorithms to follow the order in default openssl list

• Tue Jun 09 2020 Tomáš Mráz <tmraz@redhat.com> - 20200527-5.gitb234a47

  - make the post script work in environments where /proc/sys is not available

• Fri May 29 2020 Tomáš Mráz <tmraz@redhat.com> - 20200527-4.gitb234a47

  - automatically set up FIPS policy in FIPS mode on first install

• Thu May 28 2020 Tomáš Mráz <tmraz@redhat.com> - 20200527-2.git63fc906

  - explicitly enable DHE-DSS in gnutls config if enabled in policy
  - use grubby with --update-kernel=ALL to avoid breaking kernelopts
  - OSPP subpolicy: Allow GCM for SSH protocol
  - openssh: Support newly standardized ECDHE-GSS and DHE-GSS key exchanges
  - if the policy in FIPS mode is not a FIPS policy print a message
  - openssl: Add SignatureAlgorithms support
  - custom crypto policies: enable completely overriding contents of the list
    value
  - added ECDHE-ONLY.pmod policy module example
  - openssh: make LEGACY policy to prefer strong public key algorithms
  - various python code cleanups
  - update-crypto-policies: dump the current policy to
    /etc/crypto-policies/state/CURRENT.pol
  - split scripts into their own subpackage

• Mon Dec 16 2019 Tomáš Mráz <tmraz@redhat.com> - 20191128-2.git23e1bf1

  - move the pre-built .config files to /usr/share/crypto-policies/back-ends

• Fri Nov 29 2019 Tomáš Mráz <tmraz@redhat.com> - 20191128-1.git23e1bf1

  - fips-mode-setup: compatibility with RHCOS