From 0eaa0014c906fd7054c29ab8b5f609f78def2dbf Mon Sep 17 00:00:00 2001 From: Clemens Lang Date: Wed, 20 Apr 2022 15:47:37 +0200 Subject: [PATCH] Fix a FIXME in the openssl.cnf(5) manpage Signed-off-by: Clemens Lang --- 0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch | 2 +- openssl.spec | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch b/0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch index eea02f8..e6a1925 100644 --- a/0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch +++ b/0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch @@ -86,7 +86,7 @@ index 0c9110d28a..02e7ca706f 100644 +Note that enabling B will allow TLS signature +algorithms that use SHA1 in security level 1, despite the definition of -+security level 1 of FIXME bits of security, which SHA1 does not meet. This ++security level 1 of 80 bits of security, which SHA1 does not meet. This +allows using SHA1 in TLS in the LEGACY crypto-policy on Fedora without +requiring to set the security level to 0, which would include further insecure +algorithms. diff --git a/openssl.spec b/openssl.spec index 4f3c502..af8a1f2 100644 --- a/openssl.spec +++ b/openssl.spec @@ -405,6 +405,7 @@ install -m644 %{SOURCE9} \ %changelog * Wed Apr 20 2022 Clemens Lang - 1:3.0.2-3 - Disable SHA-1 by default in ELN using the patches from CentOS +- Fix a FIXME in the openssl.cnf(5) manpage * Thu Apr 07 2022 Clemens Lang - 1:3.0.2-2 - Silence a few rpmlint false positives.