crypto-policies

No description set

Devel package for openSUSE:Factory
12 derived packages
Derived Packages
home:j-engel:samba-unstable

home:smarty12:libraries

home:dirkmueller:Factory

home:jejb1:Tumbleweed

home:jsulig:branches:devel:LoongArch:Factory

security:tls:staging

home:pmonrealgonzalez:cp

home:pmonrealgonzalez:branches:crypto-policies

home:alucardx:java

home:lalala123:RISCV

home:lalala123:RISCV / failed_crypto-policies

home:pmonrealgonzalez:branches:security:tls
Cancel
Links to openSUSE:Factory / crypto-policies
Download package
Checkout Package
osc -A https://api.opensuse.org checkout security:tls/crypto-policies && cd $_
Create Badge

Build Results

Refresh

Source Files (show merged sources derived from linked package)

Filename	Size	Changed
README.SUSE	0000000758 758 Bytes	28 days ago
_link	0000000124 124 Bytes	25 days ago
_service	0000000560 560 Bytes	27 days ago
_servicedata	0000000257 257 Bytes	27 days ago
crypto-policies-Allow-openssl-other-policies-in-FIPS-mode.patch	0000045378 44.3 KB	27 days ago
crypto-policies-Allow-sshd-in-FIPS-mode-using-DEFAULT.patch	0000005900 5.76 KB	27 days ago
crypto-policies-FIPS-output.patch	0000002311 2.26 KB	27 days ago
crypto-policies-SUSE-manpages.patch	0000001755 1.71 KB	27 days ago
crypto-policies-enable-SHA1-sigver-in-DEFAULT.patch	0000001055 1.03 KB	27 days ago
crypto-policies-no-build-manpages.patch	0000001283 1.25 KB	27 days ago
crypto-policies-nss.patch	0000001991 1.94 KB	27 days ago
crypto-policies-policygenerators.patch	0000001313 1.28 KB	5 months ago
crypto-policies-rpmlintrc	0000000098 98 Bytes	almost 3 years ago
crypto-policies.changes	0000030100 29.4 KB	27 days ago
crypto-policies.spec	0000012371 12.1 KB	27 days ago
fedora-crypto-policies-20250714.cd6043a.tar.gz	0000101254 98.9 KB	27 days ago
fips-finish-install	0000001123 1.1 KB	5 months ago
fips-mode-setup	0000008523 8.32 KB	5 months ago
man-crypto-policies.tar.xz	0000015444 15.1 KB	26 days ago
man-fips-scripts.tar.xz	0000002164 2.11 KB	27 days ago

Comments 2

Anonymous Checkouts (anoncvs) - over 2 years ago

The LEGACY crypto-policy no longer works as documented as of OpenSSL 3.1. In order to have TLSv1.0 and TLSv1.1 work with OpenSSL 3.1 @SECLEVEL=0 is required.

I already had added the legacy provider to openssl.cnf when OpenSSL 3.0 replaced 1.1.1 in tumbleweed in order to keep OpenVPN working, so I cannot say for sure but I would not be the least bit surprised if that is also required for TLS < v1.2 to function in practice.

Also, prior to the transition to OpenSSL 3.1, the DEFAULT crypto-policy did not enforce the documented requirement of TLS >= v1.2. It was only with the transition from OpenSSL 3.0 to 3.1 that I switched my system's crypto-policy from DEFAULT to LEGACY to no avail in an attempt to unbreak the connection to a POP3S server which only supports TLSv1.0.

Pedro Monreal Gonzalez (pmonrealgonzalez) - over 2 years ago

maintainer

Thanks for your comments! Could you open a bug report in bugzilla.opensuse.org with as much information as possible and the steps to reproduce. TIA.

Places

Actions on this page

crypto-policies

Edit Package crypto-policies

Source Files (show merged sources derived from linked package)

Comments 2

Places