openssl

Author	SHA1	Message	Date
Dmitry Belyavskiy	477d91adec	Rebasing to OpenSSL 3.0.7 Resolves: rhbz#2129063	2022-11-24 10:31:36 +01:00
Dmitry Belyavskiy	f4e1bded66	Improve diagnostics when passing unsupported groups in TLS Related: rhbz#2070197	2022-06-24 17:17:35 +02:00
Dmitry Belyavskiy	8638196167	Ciphersuites with RSAPSK KX should be filterd in FIPS mode Related: rhbz#2085088	2022-06-16 15:06:45 +02:00
Dmitry Belyavskiy	b5de6bd830	In FIPS mode limit key sizes for signature verification Resolves: rhbz#2077884	2022-05-23 19:16:11 +02:00
Dmitry Belyavskiy	7bc4f9f094	Ciphersuites with RSA KX should be filterd in FIPS mode Related: rhbz#2085088	2022-05-23 19:16:11 +02:00
Dmitry Belyavskiy	b393177f7d	`openssl ecparam -list_curves` lists only FIPS-approved curves in FIPS mode Resolves: rhbz#2083240	2022-05-23 19:16:09 +02:00
Dmitry Belyavskiy	69c1abb4df	openssl req defaults on PKCS#8 encryption changed to AES-256-CBC Resolves: rhbz#2063947	2022-05-12 13:45:42 +02:00
Dmitry Belyavskiy	1b2d08b2c2	Adaptation of upstream patches disabling explicit EC parameters in FIPS mode Resolves: rhbz#2058663	2022-05-06 17:41:32 +02:00
Dmitry Belyavskiy	ad863e9fc8	OpenSSL FIPS module should not build in non-approved algorithms Resolves: rhbz#2081378	2022-05-05 17:34:49 +02:00
Dmitry Belyavskiy	02c75e5a65	We dont'want totally forbid RSA encryption. Related: rhbz#2053289	2022-05-02 15:54:28 +02:00
Dmitry Belyavskiy	7a1c7b28bc	FIPS provider doesn't block RSA encryption for key transport Resolves: rhbz#2053289	2022-03-29 13:32:47 +02:00
Dmitry Belyavskiy	922b5301ea	Adjust FIPS provider version FIPS provider version is now autofilled from release and date Related: rhbz#2026445	2022-02-01 16:02:01 +01:00
Dmitry Belyavskiy	d237e7f301	Restoring fips=yes to SHA-1 Related: rhbz#2026445	2022-01-21 13:48:28 +01:00
Dmitry Belyavskiy	cc37486d86	Minimize the list of services allowed for FIPS Related: rhbz#2026445	2022-01-17 13:19:29 +01:00

14 Commits