Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-66149

TEST-PQ crypto policy should enable hybrid ML-KEM groups for GnuTLS

XMLWordPrintable

    • crypto-policies-20241106-1.git1bdaba3.el10
    • No
    • Low
    • 1
    • rhel-sst-security-crypto
    • ssg_security
    • 12
    • 0.75
    • False
    • Hide

      None

      Show
      None
    • No
    • Crypto24Q4
    • Unspecified Release Note Type - Unknown
    • None

      When the TEST-PQ subpolicy is enabled, the necessary algorithms aren't enabled in the GnuTLS policy.

      In the crypto-policies-20241104-1.git6a67b8c.el10.noarch setting the policy to `DEFAULT:TEST-PQ` does not add to the `/etc/crypto-policies/back-ends/gnutls.config` file the algorithm IDs for ML-KEM:

      tls-enabled-group = GROUP-X25519-MLKEM768
tls-enabled-group = GROUP-SECP256R1-MLKEM768

      Needs GnuTLS 3.8.8

              asosedki@redhat.com Alexander Sosedkin
              hkario@redhat.com Alicja Kario
              Alexander Sosedkin Alexander Sosedkin
              Ondrej Moris Ondrej Moris
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: