Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-103963

enable ML-DSA in NSS in PQ subpolicy [rhel-9]

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • crypto-policies-20250804-1.git2c74f3d.el9
    • No
    • Low
    • 1
    • rhel-security-crypto
    • 24
    • 26
    • 0.5
    • False
    • False
    • Hide

      None

      Show
      None
    • Yes
    • Crypto25August
    • Hide

      AC1) Generated policy DEFAULT:PQ for NSS allows ML-DSA-44, ML-DSA-65 and ML-DSA-87.

      Show
      AC1) Generated policy DEFAULT:PQ for NSS allows ML-DSA-44, ML-DSA-65 and ML-DSA-87.
    • Pass
    • Automated
    • Enhancement
    • Hide
      Feature, enhancement: crypto-policies now supports enabling ML-DSA for NSS
      Reason: NSS now supports ML-DSA
      Result: NSS will consider using ML-DSA in TLS when PQ policy or a custom subpolicy enabling ML-DSA are in effect
      Show
      Feature, enhancement: crypto-policies now supports enabling ML-DSA for NSS Reason: NSS now supports ML-DSA Result: NSS will consider using ML-DSA in TLS when PQ policy or a custom subpolicy enabling ML-DSA are in effect
    • Proposed
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      as NSS nss-3.112 got support for ML-DSA in TLS, we should enable it in crypto-policies. In RHEL-9 that'd be PQ subpolicy specifically.

              asosedki@redhat.com Alexander Sosedkin
              asosedki@redhat.com Alexander Sosedkin
              Alexander Sosedkin Alexander Sosedkin
              Ondrej Moris Ondrej Moris
              Mirek Jahoda Mirek Jahoda
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated: