
crypto policy: NO-SHA1 is not needed for EL9

Open champtar opened this issue 9 months ago • 0 comments

Share the context

EL 9 (RHEL / Alma / ...) DEFAULT crypto policy only uses SHA1 for HMAC where safe:

https://access.redhat.com/articles/6846411
https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/blob/rhel9/policies/DEFAULT.pol
https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/blob/rhel9/policies/modules/NO-SHA1.pmod

Description of problem:

We direct users to use DEFAULT:NO-SHA1, but it's not needed.

Proposed change:

Do not fail checks when the user is using DEFAULT. DEFAULT:NO-SHA1 doesn't change anything compared to DEFAULT on EL 9.

champtar, Feb 10 '25 21:02
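
One way the proposed check could look, as an added example that is not part of the issue or the project's code: a shell function that evaluates the string printed by `update-crypto-policies --show` and passes both DEFAULT and DEFAULT:NO-SHA1 on EL 9. The function name `sha1_policy_ok` is hypothetical, and treating FUTURE and FIPS as passing while LEGACY, custom policies and the `SHA1` subpolicy module fail is an assumption of this sketch.

```shell
#!/bin/sh
# Added example, not the checker's own code. Models EL 9 only.
# Assumptions: FUTURE and FIPS are accepted as stricter than DEFAULT;
# LEGACY and the SHA1 subpolicy module (which re-enable SHA-1) fail.

# sha1_policy_ok POLICY
#   POLICY is the string printed by `update-crypto-policies --show`,
#   e.g. "DEFAULT" or "DEFAULT:NO-SHA1". Returns 0 when the check passes.
sha1_policy_ok() {
    policy=$1
    base=${policy%%:*}                # text before the first ':'
    case "$policy" in
        *:*) modules=${policy#*:} ;;  # colon-separated subpolicy modules
        *)   modules= ;;
    esac

    case "$base" in
        DEFAULT|FUTURE|FIPS) ;;       # EL 9 DEFAULT passes without NO-SHA1
        *) return 1 ;;                # LEGACY, custom or empty: fail closed
    esac

    old_ifs=$IFS
    IFS=:
    for m in $modules; do
        if [ "$m" = "SHA1" ]; then    # DEFAULT:SHA1 turns SHA-1 back on
            IFS=$old_ifs
            return 1
        fi
    done
    IFS=$old_ifs
    return 0
}

# On a live host:
#   sha1_policy_ok "$(update-crypto-policies --show)" || echo "FAIL"
```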