Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-2345

crypto-policy FUTURE blocks communication of redhat-support-tool

    XMLWordPrintable

Details

    • Bug
    • Resolution: Won't Do
    • Undefined
    • None
    • rhel-8.1.0
    • crypto-policies
    • Normal
    • sst_cee_supportability
    • False
    • Hide

      None

      Show
      None
    • Known Issue
    • Hide
      .`redhat-support-tool` does not work with the `FUTURE` crypto policy

      Because a cryptographic key used by a certificate on the Customer Portal API does not meet the requirements by the `FUTURE` system-wide cryptographic policy, the `redhat-support-tool` utility does not work with this policy level at the moment.

      To work around this problem, use the `DEFAULT` crypto policy while connecting to the Customer Portal API.
      Show
      .`redhat-support-tool` does not work with the `FUTURE` crypto policy Because a cryptographic key used by a certificate on the Customer Portal API does not meet the requirements by the `FUTURE` system-wide cryptographic policy, the `redhat-support-tool` utility does not work with this policy level at the moment. To work around this problem, use the `DEFAULT` crypto policy while connecting to the Customer Portal API.
    • Done

    Description

      Hello all,

      one of our customers just reported the following issue on RHEL 8.1.

      Current behavior:
      Setting the system crypto-policy to FUTURE is blocking the communication of redhat-support-tool with Customer Portal API.


      update-crypto-policies --set FUTURE
      redhat-support-tool kb 66281
      Please enter the password for rhn-support-rbobek:
      Save the password for rhn-support-rbobek in /root/.redhat-support-tool/redhat-support- tool.conf (y/n): n
      Problem connecting to the support services API. Is the service accessible from this host?
      #

      When we use some other crypto policy, the communication is working fine. The FUTURE crypto policy is very strict and probably is disabling cipher-suite needed for the communication:
      https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening

      Expected behavior:
      redhat-support-tool should work with the FUTURE crypto policy set.

      Attachments

        Activity

          People

            jira-bugzilla-migration RH Bugzilla Integration
            rhn-support-rbobek Roman Bobek
            RH Bugzilla Integration RH Bugzilla Integration
            RH Bugzilla Integration RH Bugzilla Integration
            Mirek Jahoda Mirek Jahoda
            Votes:
            0 Vote for this issue
            Watchers:
            14 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: