Tighten policies for RHEL-9

This commit is contained in:
Alexander Sosedkin 2021-02-18 18:38:39 +01:00
parent 705dc9cc64
commit b15b23030d
2 changed files with 12 additions and 3 deletions

View File

@ -1,5 +1,5 @@
%global git_date 20210213
%global git_commit 5c710c0cd17d9cb1954d3084c718791fc31bbcfe
%global git_date 20210218
%global git_commit 2246c55565af8c3bf09aa268eac55aa537678bb4
%{?git_commit:%global git_commit_hash %(c=%{git_commit}; echo ${c:0:7})}
%global _python_bytecompile_extra 0
@ -11,6 +11,7 @@ Summary: System-wide crypto policies
License: LGPLv2+
URL: https://gitlab.com/redhat-crypto/fedora-crypto-policies
# For RHEL-9 we use the upstream branch rhel9.
Source0: https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/archive/%{git_commit_hash}/%{name}-git%{git_commit_hash}.tar.gz
BuildArch: noarch
@ -185,6 +186,14 @@ end
%{_mandir}/man8/fips-finish-install.8*
%changelog
* Thu Feb 18 2021 Alexander Sosedkin <asosedkin@redhat.com> - 20210218-1.git2246c55
- require 2048 bit params in LEGACY
- require TLSv1.2/DTLSv1.2 in all policies
- disable DSA
- disable 3DES in LEGACY
- drop FFDHE-1024 from LEGACY
- drop (sub)policies we're not going to offer in RHEL-9
* Sat Feb 13 2021 Alexander Sosedkin <asosedkin@redhat.com> - 20210213-1.git5c710c0
- exclude RC4 from LEGACY
- introduce rc4_md5_in_krb5 to narrow AD_SUPPORT's impact

View File

@ -1 +1 @@
SHA512 (crypto-policies-git5c710c0.tar.gz) = 4f1290636eb484419cc749c7239cd9020344ec0dd7f71b5bee9fc0a493120e7549700a86ea24d03a51e5c7edaccc21c5184c4ec9397f25c6467be43c9607ae8f
SHA512 (crypto-policies-git2246c55.tar.gz) = 3b681d2d0b550a127de9ae706b6280710d144845d0ea5a78ebbb327adc6c6644dcc2016cbda2f68ed670a3c5395c494b9fbc4c2ca97832a1237ec618c2943b4e