Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-79315

SecP384r1MLKEM1024 group not enabled by TEST-PQ policy

Linking RHIVOS CVEs to...Migration: Automation ...RHELPRIO AssignedTeam ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • crypto-policies-20250214-1.gitfd9b9b9.el10
    • No
    • Low
    • 1
    • rhel-security-crypto
    • ssg_security
    • 28
    • 1
    • False
    • False
    • Hide

      None

      Show
      None
    • No
    • Crypto25Q1
    • Hide

      AC1) Names related to ML-KEM in the generated opensslcnf DEFAULT:TEST-PQ policy include names from the the oqs provider (openssl list -kem-algorithms). It can also contain other names related to ML-KEM as long as they are prefixed with '?'.

      Show
      AC1) Names related to ML-KEM in the generated opensslcnf DEFAULT:TEST-PQ policy include names from the the oqs provider (openssl list -kem-algorithms). It can also contain other names related to ML-KEM as long as they are prefixed with '?'.
    • Pass
    • Enabled
    • Automated
    • Unspecified Release Note Type - Unknown
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      When using crypto-policies-20250128-1.git22421d3.el10.noarch setting the policy to `DEFAULT:TEST-PQ` does not enable the SecP384r1MLKEM1024 group.

      Inspecting the opensslcnf.config shows that crypto-policies uses the old name: p384_mlkem1024

              asosedki@redhat.com Alexander Sosedkin
              hkario@redhat.com Alicja Kario
              Alexander Sosedkin Alexander Sosedkin
              Ondrej Moris Ondrej Moris
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: