Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

SWIFT: Generate New Ti...

SWIFT: POC Conversion

Sync from "Extern...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Normal
Fix Version/s: rhel-9.7
Affects Version/s: rhel-9.7
Component/s: crypto-policies
Labels:
- Accepted
- CY25Q3
- Committed
- rn-yml

Fixed in Build:
crypto-policies-20250721-1.git162e4cb.el9
Regression:
No
Severity:
Low
Epic Link:
CRYPTO-16984
sprint_count:
1

AssignedTeam:
rhel-security-crypto

Dev Target Milestone:
21
Internal Target Milestone:
26
Story Points:
0.2
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
Yes
Sprint:
Crypto25August

Acceptance Criteria:

Hide

AC1) ED25519 is allowerd in NSS generated policies (all except FIPS).

Show
AC1) ED25519 is allowerd in NSS generated policies (all except FIPS).
Preliminary Testing:
Pass
Errata Link:
https://errata.devel.redhat.com/advisory/150605
Gating Tests:

Enabled
Test Coverage:

Automated

Release Note Type:
Enhancement
Release Note Text:

Hide
.`crypto-policies` support Ed25519 in NSS

With this update to the system-wide cryptographic policies, support for the SHA-512 variant of the Edwards-curve Digital Signature Algorithm (EdDSA), Ed25519, is available for Network Security Services (NSS). As a result, `crypto-policies` enable Ed25519 in DEFAULT, LEGACY, and FUTURE policies for NSS by default.

Show
.`crypto-policies` support Ed25519 in NSS With this update to the system-wide cryptographic policies, support for the SHA-512 variant of the Edwards-curve Digital Signature Algorithm (EdDSA), Ed25519, is available for Network Security Services (NSS). As a result, `crypto-policies` enable Ed25519 in DEFAULT, LEGACY, and FUTURE policies for NSS by default.
Release Note Status:
Done
ProdDocsReview-CCS:
Unspecified
ProdDocsReview-Dev:
Unspecified
ProdDocsReview-QE:
Unspecified

Experience:

PX Impact Score:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

NSS RHEL-9 crypto-policy doesn't have ED25519, which is likely just an oversight. Wire it up to `sign = EDDSA-ED25519`.

links to

RHBA-2025:150605 crypto-policies bug fix and enhancement update

Assignee:: Alexander Sosedkin

Reporter:: Alexander Sosedkin

Contributors:: Malhar Jivrajani

Developer:: Alexander Sosedkin

QA Contact:: Ondrej Moris

Doc Contact:: Mirek Jahoda

Votes:: 0 Vote for this issue

Watchers:: 7 Start watching this issue

Created:: 2025/07/21 2:00 PM

Updated:: 2025/11/11 11:24 AM

Resolved:: 2025/11/11 11:24 AM

Dev Target end:: 2025/07/21

Target end:: 2025/08/25

Next Planned Release Date:: 2025/11/11

Release Date:: 2025/11/11