Loading...

XML

Word

Printable

Acceptance Criteria:

Hide

gnutls configs gain an extra line, `allow-rsa-pkcs1-encrypt = true` in LEGACY and `allow-rsa-pkcs1-encrypt = false` in the other policies
[/CoreOS/crypto-policies/Sanity/retention]

it's wired to __rsaes_pkcs1_v1_5_encrypt_decrypt = ALLOW/DISALLOW [manual one-time inspection]

Show
gnutls configs gain an extra line, `allow-rsa-pkcs1-encrypt = true` in LEGACY and `allow-rsa-pkcs1-encrypt = false` in the other policies [/CoreOS/crypto-policies/Sanity/retention] it's wired to __rsaes_pkcs1_v1_5_encrypt_decrypt = ALLOW/DISALLOW [manual one-time inspection]
Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/139952
Gating Tests:

Enabled
Test Coverage:

Automated

Release Note Type:
Deprecated Functionality
Release Note Text:

Hide
GnuTLS will block encrypting and decrypting with RSA PKCS#1 v1.5 padding by default.

Note: Deprecation means removal of support in a future major release.
Description (describe the discontinued feature):
Consequence (describe the recommended replacement, if applicable. In addition, add a deprecation event to the Package Evolution Service (PES)):

Show
GnuTLS will block encrypting and decrypting with RSA PKCS#1 v1.5 padding by default. Note: Deprecation means removal of support in a future major release. Description (describe the discontinued feature): Consequence (describe the recommended replacement, if applicable. In addition, add a deprecation event to the Package Evolution Service (PES)):
Release Note Status:
Proposed

gnutls has introduced an allow-rsa-pkcs1-encrypt option. we want it off in DEFAULT and the rest, but, probably, on in LEGACY.

option name suggestion: `__rsaes_pkcs1_v1_5_encrypt_decrypt` defaulting to 0 and being set to 1 in LEGACY only.

links to

RHBA-2024:139952 crypto-policies bug fix and enhancement update