7c076748f3
implement scoped policies, e.g., cipher@SSH = ... implement algorithm globbing, e.g., cipher@SSH = -*-CBC deprecate derived properties: tls_cipher, ssh_cipher, ssh_group, ike_protocol, sha1_in_dnssec deprecate unscoped form of protocol property openssl: set MinProtocol / MaxProtocol separately for TLS and DTLS openssh: use PubkeyAcceptedAlgorithms instead of PubkeyAcceptedKeyTypes libssh: respect ssh_certs restrict FIPS:OSPP further improve Python 3.10 compatibility update documentation expand upstream test coverage FUTURE: disable CBC ciphers for all backends but krb5 openssl: LEGACY must have SECLEVEL=1, enabling SHA1 disable DHE-DSS in LEGACY bump LEGACY key size requirements from 1023 to 1024 add javasystem backend *ssh: condition ecdh-sha2-nistp384 on SECP384R1 set %verify(not mode) for backend sometimes-symlinks-sometimes-not gnutls: use allowlisting Resolves: bz1975854
2 lines
174 B
Plaintext
2 lines
174 B
Plaintext
SHA512 (crypto-policies-gitdd7d273.tar.gz) = 9797e6c6b95ab4cb13e30016ac76b3bbdc5e23b42848ea11e81e91d433f62a5f1c3c6992f83760e69a5c3529e13d18b2f843e097e5be1afeb2b31dc1b39e94c0
|