Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-2345

crypto-policy FUTURE blocks communication of redhat-support-tool

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Won't Do
    • Icon: Undefined Undefined
    • None
    • rhel-8.1.0
    • crypto-policies
    • None
    • Moderate
    • rhel-sst-cee-supportability
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • Known Issue
    • Hide
      .`redhat-support-tool` does not work with the `FUTURE` crypto policy

      Because a cryptographic key used by a certificate on the Customer Portal API does not meet the requirements by the `FUTURE` system-wide cryptographic policy, the `redhat-support-tool` utility does not work with this policy level at the moment.

      To work around this problem, use the `DEFAULT` crypto policy while connecting to the Customer Portal API.
      Show
      .`redhat-support-tool` does not work with the `FUTURE` crypto policy Because a cryptographic key used by a certificate on the Customer Portal API does not meet the requirements by the `FUTURE` system-wide cryptographic policy, the `redhat-support-tool` utility does not work with this policy level at the moment. To work around this problem, use the `DEFAULT` crypto policy while connecting to the Customer Portal API.
    • Done
    • None

      Hello all,

      one of our customers just reported the following issue on RHEL 8.1.

      Current behavior:
      Setting the system crypto-policy to FUTURE is blocking the communication of redhat-support-tool with Customer Portal API.


      update-crypto-policies --set FUTURE
      redhat-support-tool kb 66281
      Please enter the password for rhn-support-rbobek:
      Save the password for rhn-support-rbobek in /root/.redhat-support-tool/redhat-support- tool.conf (y/n): n
      Problem connecting to the support services API. Is the service accessible from this host?
      #

      When we use some other crypto policy, the communication is working fine. The FUTURE crypto policy is very strict and probably is disabling cipher-suite needed for the communication:
      https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening

      Expected behavior:
      redhat-support-tool should work with the FUTURE crypto policy set.

              jira-bugzilla-migration RH Bugzilla Integration
              rhn-support-rbobek Roman Bobek
              RH Bugzilla Integration RH Bugzilla Integration
              RH Bugzilla Integration RH Bugzilla Integration
              Mirek Jahoda Mirek Jahoda
              Votes:
              0 Vote for this issue
              Watchers:
              14 Start watching this issue

                Created:
                Updated:
                Resolved: