Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-59104

Exclude integrity-only TLS 1.3 by CP

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Minor Minor
    • rhel-10.0
    • rhel-10.0
    • crypto-policies
    • None
    • No
    • Low
    • 1
    • rhel-sst-security-crypto
    • ssg_security
    • None
    • False
    • Hide

      None

      Show
      None
    • No
    • Crypto24Q4
    • Hide

      1. (SanityOnly) TLS_SHA256_SHA256:TLS_SHA384_SHA384 are bound to cipher=NULL -or-
      2. (optional) Policy with cipher=NULL+ can be set, TLS_SHA256_SHA256 and TLS_SHA384_SHA384 can be negotiated when it's set, but not otherwise

      Show
      1. (SanityOnly) TLS_SHA256_SHA256:TLS_SHA384_SHA384 are bound to cipher=NULL -or- 2. (optional) Policy with cipher=NULL+ can be set, TLS_SHA256_SHA256 and TLS_SHA384_SHA384 can be negotiated when it's set, but not otherwise
    • Pass
    • None
    • Unspecified Release Note Type - Unknown
    • None

      OpenSSL 3.4+ provides support of integrity-only TLS 1.3 ciphersuites. They should be excluded by our crypto policies after rebasing to 3.4+

              asosedki@redhat.com Alexander Sosedkin
              dbelyavs@redhat.com Dmitry Belyavskiy
              Alexander Sosedkin Alexander Sosedkin
              Ondrej Moris Ondrej Moris
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated: