Systemwide crypto policies
79781382b2
- Switch to a version based on Fedora 41 crypto-policies (20240521-1.gitf71d135.fc41), and replace the changelog with Fedora changelog - Shape up RHEL-10: remove GOST-ONLY policy and GOST subpolicy - Shape up RHEL-10: remove NEXT policy - Shape up RHEL-10: remove BSI policy - Shape up RHEL-10: remove TEST-FEDORA41 policy - Shape up RHEL-10: remove NO-SHA1 subpolicy - Shape up RHEL-10: remove SHA1 subpolicy - Shape up RHEL-10: remove TEST-PQ policy - Shape up RHEL-10: disable CAMELLIA in all policies... - Shape up RHEL-10: drop FFDHE-1024 from LEGACY - Shape up RHEL-10: DEFAULT: remove Fedora-only DSA-SHA1 RPM enablement - Shape up RHEL-10: remove Fedora-specific __openssl_block_sha1_signatures... - Shape up RHEL-10: disable 3DES in LEGACY - Shape up RHEL-10: disable DSA - Shape up RHEL-10: mark LEGACY as 80-bit security (@tomato42) - Shape up RHEL-10: require TLSv1.2/DTLSv1.2 in all policies - Shape up RHEL-10: requre 2048 bit params in LEGACY - Shape up RHEL-10: FUTURE: disable CBC ciphers for all but krb5 - Shape up RHEL-10: disable DHE-DSS even in LEGACY - Shape up RHEL-10: gnutls: explicit ECDSA-SECPNNNR1-SHANNN + reorder - Shape up RHEL-10: openssh: disable DHE-FFDHE-1024-SHA1 server config hack - Shape up RHEL-10: FIPS: disable SHA-1 HMAC in FIPS policy - Shape up RHEL-10: FIPS: disable CBC ciphers except in Kerberos - Shape up RHEL-10: policies/modules: update AD-SUPPORT away from RC4/MD5 - Shape up RHEL-10: drop DNSSEC SHA-1 exception from DEFAULT |
||
|---|---|---|
| .gitignore | ||
| crypto-policies.spec | ||
| gating.yaml | ||
| sources | ||