Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-69296

Crypto-policies not aware of Brainpool codepoints from rfc8734

XMLWordPrintable

    • crypto-policies-20241128-1.git0dd441c.el10
    • No
    • Low
    • 1
    • rhel-sst-security-crypto
    • ssg_security
    • 20
    • 0.75
    • False
    • Hide

      None

      Show
      None
    • No
    • Crypto24Q4
    • Hide

      smoke-test that TLS 1.2 brainpool is back and working: limiting it to TLS 1.2 negotiates brainpool with TLS 1.2; not limiting it negotiates brainpool with TLS 1.2 [/CoreOS/crypto-policies/Regression/bz2184411-Brainpool-support]
      (rationale: we can't really test TLS 1.3 without newer openssl, but we can test that we have overcome the TLS 1.2 regression)

      Show
      smoke-test that TLS 1.2 brainpool is back and working: limiting it to TLS 1.2 negotiates brainpool with TLS 1.2; not limiting it negotiates brainpool with TLS 1.2 [/CoreOS/crypto-policies/Regression/bz2184411-Brainpool-support] (rationale: we can't really test TLS 1.3 without newer openssl, but we can test that we have overcome the TLS 1.2 regression)
    • Pass
    • Enabled
    • Automated
    • Unspecified Release Note Type - Unknown
    • None

      Crypto-policies should be aware of 6 additional codepoints,
      three for the supported groups:

      31 	brainpoolP256r1tls13 	Y 	N 	[RFC8734] 	
32 	brainpoolP384r1tls13 	Y 	N 	[RFC8734] 	
33 	brainpoolP512r1tls13 	Y 	N 	[RFC8734]

      and three for the signature schemes:

      0x081A 	ecdsa_brainpoolP256r1tls13_sha256 	N 	[RFC8734]
0x081B 	ecdsa_brainpoolP384r1tls13_sha384 	N 	[RFC8734]
0x081C 	ecdsa_brainpoolP512r1tls13_sha512 	N 	[RFC8734]

              asosedki@redhat.com Alexander Sosedkin
              hkario@redhat.com Alicja Kario
              Alexander Sosedkin Alexander Sosedkin
              Ondrej Moris Ondrej Moris
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: