1
0
crypto-policies/crypto-policies-supported.patch
Martin Pluskal 4ac1e9ad7b Accepting request 1086482 from home:pmonrealgonzalez:branches:security:tls
- Update the update-crypto-policies(8) man pages and README.SUSE
  to mention the supported back-end policies. [bsc#1209998]
  * Add crypto-policies-supported.patch

- Update to version 20230420.3d08ae7:
  * openssl, alg_lists: add brainpool support
  * openssl: set Groups explicitly
  * codespell: ignore aNULL
  * rpm-sequoia: allow 1024 bit DSA and SHA-1 per FeSCO decision 2960
  * sequoia: add separate rpm-sequoia backend
  * crypto-policies.7: state upfront that FUTURE is not so interoperable
  * Makefile: update for asciidoc 10
  * Skip the LibreswanGenerator and SequoiaGenerator:
    - Add crypto-policies-policygenerators.patch
  * Remove crypto-policies-test_supported_modules_only.patch
  * Rebase crypto-policies-no-build-manpages.patch

- Update to version 20221214.a4c31a3:
  * bind: expand the list of disableable algorithms
  * libssh: Add support for openssh fido keys
  * .gitlab-ci.yml: install krb5-devel for krb5-config
  * sequoia: check using sequoia-policy-config-check
  * sequoia: introduce new back-end
  * Makefile: support overriding asciidoc executable name
  * openssh: make none and auto explicit and different
  * openssh: autodetect and allow forcing RequiredRSASize presence/name
  * openssh: remove _pre_8_5_ssh
  * pylintrc: update
  * Revert "disable SHA-1 further for a Fedora 38 Rawhide "jump scare"..."
  * disable SHA-1 further for a Fedora 38 Rawhide "jump scare"...

OBS-URL: https://build.opensuse.org/request/show/1086482
OBS-URL: https://build.opensuse.org/package/show/security:tls/crypto-policies?expand=0&rev=15
2023-05-14 10:09:24 +00:00

38 lines
1.4 KiB
Diff

Index: fedora-crypto-policies-20230420.3d08ae7/update-crypto-policies.8.txt
===================================================================
--- fedora-crypto-policies-20230420.3d08ae7.orig/update-crypto-policies.8.txt
+++ fedora-crypto-policies-20230420.3d08ae7/update-crypto-policies.8.txt
@@ -54,23 +54,23 @@ are configured to follow the default pol
The generated back-end policies will be placed in /etc/crypto-policies/back-ends.
Currently the supported back-ends (and directive scopes they respect) are:
-* GnuTLS library (GnuTLS, SSL, TLS)
+* GnuTLS library (GnuTLS, SSL, TLS) (Supported)
-* OpenSSL library (OpenSSL, SSL, TLS)
+* OpenSSL library (OpenSSL, SSL, TLS) (Supported)
-* NSS library (NSS, SSL, TLS)
+* NSS library (NSS, SSL, TLS) (Not supported)
-* OpenJDK (java-tls, SSL, TLS)
+* OpenJDK (java-tls, SSL, TLS) (Supported only for java-1_8_0-openjdk and java-11-openjdk)
-* Libkrb5 (krb5, kerberos)
+* Libkrb5 (krb5, kerberos) (Not supported)
-* BIND (BIND, DNSSec)
+* BIND (BIND, DNSSec) (Not supported)
-* OpenSSH (OpenSSH, SSH)
+* OpenSSH (OpenSSH, SSH) (Not supported)
-* Libreswan (libreswan, IKE, IPSec)
+* Libreswan (libreswan, IKE, IPSec) (Not supported)
-* libssh (libssh, SSH)
+* libssh (libssh, SSH) (Not supported)
Applications and languages which rely on any of these back-ends will follow
the system policies as well. Examples are apache httpd, nginx, php, and