• openssl-3.2.2-7.el10
    • None
    • None
    • 1
    • rhel-sst-security-crypto
    • ssg_security
    • 26
    • 0.2
    • False
    • None
    • Yes
    • Crypto24Q3
    • AC1) SHA-1 hashes should not be allowed in TLS context when SECLEVEL=2 (default), in either the DEFAULT or the LEGACY crypto policy.
    • Pass
    • Not Needed
    • Automated
    • Removed Functionality
    • .OpenSSL no longer permits SHA-1 at `SECLEVEL=2` in TLS

      OpenSSL does not accept the SHA-1 algorithm at `SECLEVEL=2` in TLS in RHEL 10. If your scenario requires using TLS 1.0/1.1, you must explicitly set `SECLEVEL=0` and switch to the LEGACY system-wide cryptographic policy. In the LEGACY policy, applications that use SHA-1 in signatures outside of TLS will continue to work.
    • Done
    • None

      0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch should be removed

              dbelyavs@redhat.com Dmitry Belyavskiy
              dbelyavs@redhat.com Dmitry Belyavskiy
              Dmitry Belyavskiy
              George Pantelakis
              Jan Fiala
              Votes: 0
              Watchers: 7

                Created:
                Updated: