Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: rhel-10.0.beta
Affects Version/s: rhel-10.0.beta
Component/s: openssl
Labels:

Fixed in Build:
openssl-3.2.2-7.el10
Regression:
None
Severity:
None
Epic Link:
CRYPTO-13963
sprint_count:
1

Pool Team:

sst_security_crypto
Sub-System Group:

ssg_security

Internal Target Milestone:
26
Story Points:
1
ACKs Check:

QE ack, Dev ack
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
No
Sprint:
Crypto24Q3

Acceptance Criteria:
- SHA-1 signature creation and verification with DEFAULT policy doesn't work in any context (TLS or outside of TLS)
- SHA-1 signature creation and verification with LEGACY policy works outside the TLS context
Test Plan:
https://tcms.engineering.redhat.com/case/613078/, https://tcms.engineering.redhat.com/case/613008/, https://tcms.engineering.redhat.com/case/617467/, https://tcms.engineering.redhat.com/case/610833/, https://tcms.engineering.redhat.com/case/614725/
Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/133129
Test Coverage:

Automated

Release Note Type:
Unspecified Release Note Type - Unknown

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

with openssl-3.2.1-3 both creating and verifying SHA-1 signatures works in normal mode. Unless the sha-1 policy is enabled that shouldn't work.

is related to

RHEL-50106 LEGACY policy should not permit SHA-1 signature use

Release Pending

RHEL-47210 -cipher DEFAULT:@SECLEVEL=0 -sigalgs SHA1+RSA does not enable support for SHA-1 signatures

Release Pending

links to

RHBA-2024:133129 OpenSSL bugfix release

Assignee:: Alicja Kario

Reporter:: Alicja Kario

Developer:: Dmitry Belyavskiy

QA Contact:: Alicja Kario

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2024/05/16 5:14 PM

Updated:: 2024/09/17 3:16 PM

Target end:: 2024/08/26