  1. RHEL
  2. RHEL-59104

Exclude integrity-only TLS 1.3 by CP


    • crypto-policies-20250424-1.git9267dee.el10
    • No
    • Low
    • 1
    • rhel-security-crypto
    • ssg_security
    • 25
    • 26
    • 1
    • QE ack, Dev ack
    • False
    • False
    • No
    • Crypto25Q2
    • AC1 (SanityOnly): TLS_SHA256_SHA256:TLS_SHA384_SHA384 are bound to cipher=NULL+
      AC2 (optional): TLS_SHA256_SHA256 and TLS_SHA384_SHA384 can be negotiated only when
        a. policy with cipher=NULL+ is set
        b. policy sets SECLEVEL=0 with, e.g., min_rsa_size=0
        c. system is not in FIPS mode
    • Pass
    • Not Needed
    • Automated
    • Unspecified Release Note Type - Unknown
    • None

      OpenSSL 3.4+ provides support for integrity-only TLS 1.3 ciphersuites. They should be excluded by our crypto policies after rebasing to 3.4+.

              asosedki@redhat.com Alexander Sosedkin
              dbelyavs@redhat.com Dmitry Belyavskiy
              Alexander Sosedkin
              George Pantelakis
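An added example (not part of the issue and not crypto-policies code) of checking the acceptance criteria against OpenSSL configuration text: it finds integrity-only suites in the `Ciphersuites` directive and reports them as negotiable only when `CipherString` carries `@SECLEVEL=0` and FIPS mode is off. The two sample configs are constructed, and reading AC2 as exactly these config-level conditions is an assumption.

```python
import re

# Integrity-only TLS 1.3 suites named in the acceptance criteria.
INTEGRITY_ONLY = {"TLS_SHA256_SHA256", "TLS_SHA384_SHA384"}

# Constructed samples in OpenSSL config syntax (not copied from a real system).
DEFAULT_LIKE = """\
CipherString = @SECLEVEL=2:kEECDH:kRSA
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
"""
NULL_POLICY = """\
CipherString = @SECLEVEL=0:kEECDH:kRSA:eNULL
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_SHA256_SHA256:TLS_SHA384_SHA384
"""

def parse_openssl_conf(text):
    """Return (TLS 1.3 suite list, SECLEVEL or None) from config text."""
    suites, seclevel = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() == "ciphersuites":
            suites = [s for s in value.split(":") if s]
        elif key.lower() == "cipherstring":
            match = re.search(r"@SECLEVEL=(\d+)", value)
            if match:
                seclevel = int(match.group(1))
    return suites, seclevel

def listed_integrity_only(text):
    """AC1-style sanity check: which integrity-only suites are listed at all."""
    suites, _ = parse_openssl_conf(text)
    return [s for s in suites if s in INTEGRITY_ONLY]

def negotiable_integrity_only(text, fips_mode):
    """AC2 as assumed here: listed, SECLEVEL=0, and not in FIPS mode."""
    suites, seclevel = parse_openssl_conf(text)
    if fips_mode or seclevel != 0:
        return []
    return [s for s in suites if s in INTEGRITY_ONLY]

if __name__ == "__main__":
    for name, conf in (("default-like", DEFAULT_LIKE), ("NULL policy", NULL_POLICY)):
        print(name, "listed:", listed_integrity_only(conf),
              "negotiable:", negotiable_integrity_only(conf, fips_mode=False))
```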