File project.diff of Package crypto-policies

--- _service.orig
+++ _service
@@ -4,11 +4,11 @@
     <param name="scm">git</param>
     <param name="versionformat">%cd.%h</param>
     <param name="changesgenerate">enable</param>
-    <param name="revision">cd6043a774abf6e4d17116f1497a2032f5351d49</param>
+    <param name="revision">19878fea4c5f62208655e32269842bce55c819b2</param>
   </service>
   <service name="recompress" mode="disabled">
     <param name="file">*.tar</param>
-    <param name="compression">gz</param>
+    <param name="compression">xz</param>
   </service>
   <service name="set_version" mode="disabled"/>
 </services>
--- _servicedata.orig
+++ _servicedata
@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://gitlab.com/redhat-crypto/fedora-crypto-policies.git</param>
-              <param name="changesrevision">cd6043a774abf6e4d17116f1497a2032f5351d49</param></service></servicedata>
\ No newline at end of file
+              <param name="changesrevision">19878fea4c5f62208655e32269842bce55c819b2</param></service></servicedata>
\ No newline at end of file
--- crypto-policies-Allow-openssl-other-policies-in-FIPS-mode.patch.orig
+++ crypto-policies-Allow-openssl-other-policies-in-FIPS-mode.patch
@@ -1,7 +1,7 @@
-Index: fedora-crypto-policies-20250714.cd6043a/python/policygenerators/openssl.py
+Index: fedora-crypto-policies-20251128.19878fe/python/policygenerators/openssl.py
 ===================================================================
---- fedora-crypto-policies-20250714.cd6043a.orig/python/policygenerators/openssl.py
-+++ fedora-crypto-policies-20250714.cd6043a/python/policygenerators/openssl.py
+--- fedora-crypto-policies-20251128.19878fe.orig/python/policygenerators/openssl.py
++++ fedora-crypto-policies-20251128.19878fe/python/policygenerators/openssl.py
 @@ -231,8 +231,8 @@ class OpenSSLGenerator(ConfigGenerator):
          'SECP256R1': 'secp256r1',
          'SECP384R1': 'secp384r1',
@@ -13,10 +13,10 @@ Index: fedora-crypto-policies-20250714.c
          'FFDHE-2048': 'ffdhe2048',
          'FFDHE-3072': 'ffdhe3072',
          'FFDHE-4096': 'ffdhe4096',
-Index: fedora-crypto-policies-20250714.cd6043a/tests/outputs/FUTURE-opensslcnf.txt
+Index: fedora-crypto-policies-20251128.19878fe/tests/outputs/FUTURE-opensslcnf.txt
 ===================================================================
---- fedora-crypto-policies-20250714.cd6043a.orig/tests/outputs/FUTURE-opensslcnf.txt
-+++ fedora-crypto-policies-20250714.cd6043a/tests/outputs/FUTURE-opensslcnf.txt
+--- fedora-crypto-policies-20251128.19878fe.orig/tests/outputs/FUTURE-opensslcnf.txt
++++ fedora-crypto-policies-20251128.19878fe/tests/outputs/FUTURE-opensslcnf.txt
 @@ -5,7 +5,7 @@ TLS.MaxProtocol = TLSv1.3
  DTLS.MinProtocol = DTLSv1.2
  DTLS.MaxProtocol = DTLSv1.2
@@ -26,10 +26,10 @@ Index: fedora-crypto-policies-20250714.c
  
  [req]
  default_bits = 3072
-Index: fedora-crypto-policies-20250714.cd6043a/tests/outputs/FEDORA43-opensslcnf.txt
+Index: fedora-crypto-policies-20251128.19878fe/tests/outputs/FEDORA43-opensslcnf.txt
 ===================================================================
---- fedora-crypto-policies-20250714.cd6043a.orig/tests/outputs/FEDORA43-opensslcnf.txt
-+++ fedora-crypto-policies-20250714.cd6043a/tests/outputs/FEDORA43-opensslcnf.txt
+--- fedora-crypto-policies-20251128.19878fe.orig/tests/outputs/FEDORA43-opensslcnf.txt
++++ fedora-crypto-policies-20251128.19878fe/tests/outputs/FEDORA43-opensslcnf.txt
 @@ -5,7 +5,7 @@ TLS.MaxProtocol = TLSv1.3
  DTLS.MinProtocol = DTLSv1.2
  DTLS.MaxProtocol = DTLSv1.2
@@ -39,10 +39,10 @@ Index: fedora-crypto-policies-20250714.c
  
  [req]
  default_bits = 2048
-Index: fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT-opensslcnf.txt
+Index: fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT-opensslcnf.txt
 ===================================================================
---- fedora-crypto-policies-20250714.cd6043a.orig/tests/outputs/DEFAULT-opensslcnf.txt
-+++ fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT-opensslcnf.txt
+--- fedora-crypto-policies-20251128.19878fe.orig/tests/outputs/DEFAULT-opensslcnf.txt
++++ fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT-opensslcnf.txt
 @@ -5,7 +5,7 @@ TLS.MaxProtocol = TLSv1.3
  DTLS.MinProtocol = DTLSv1.2
  DTLS.MaxProtocol = DTLSv1.2
@@ -58,39 +58,38 @@ Index: fedora-crypto-policies-20250714.c
  [evp_properties]
 -rh-allow-sha1-signatures = no
 +rh-allow-sha1-signatures = yes
-Index: fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT-openssh.txt
+Index: fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT-openssh.txt
 ===================================================================
---- fedora-crypto-policies-20250714.cd6043a.orig/tests/outputs/DEFAULT-openssh.txt
-+++ fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT-openssh.txt
-@@ -1,8 +1,7 @@
+--- fedora-crypto-policies-20251128.19878fe.orig/tests/outputs/DEFAULT-openssh.txt
++++ fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT-openssh.txt
+@@ -1,7 +1,7 @@
  Ciphers aes256-gcm@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
  MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512
 -GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-
--KexAlgorithms mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
--HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
+-KexAlgorithms mlkem768x25519-sha256,mlkem768nistp256-sha256,mlkem1024nistp384-sha384,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
 +GSSAPIKexAlgorithms gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-
-+KexAlgorithms mlkem768x25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
++KexAlgorithms mlkem768x25519-sha256,mlkem768nistp256-sha256,mlkem1024nistp384-sha384,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
+ HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
  PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
  HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
- CASignatureAlgorithms ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512
-Index: fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT-opensshserver.txt
+Index: fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT-opensshserver.txt
 ===================================================================
---- fedora-crypto-policies-20250714.cd6043a.orig/tests/outputs/DEFAULT-opensshserver.txt
-+++ fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT-opensshserver.txt
+--- fedora-crypto-policies-20251128.19878fe.orig/tests/outputs/DEFAULT-opensshserver.txt
++++ fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT-opensshserver.txt
 @@ -1,7 +1,7 @@
  Ciphers aes256-gcm@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
  MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512
 -GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-
--KexAlgorithms mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
+-KexAlgorithms mlkem768x25519-sha256,mlkem768nistp256-sha256,mlkem1024nistp384-sha384,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
 +GSSAPIKexAlgorithms gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-
-+KexAlgorithms mlkem768x25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
++KexAlgorithms mlkem768x25519-sha256,mlkem768nistp256-sha256,mlkem1024nistp384-sha384,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
  HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
  PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
  HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
-Index: fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT-libssh.txt
+Index: fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT-libssh.txt
 ===================================================================
---- fedora-crypto-policies-20250714.cd6043a.orig/tests/outputs/DEFAULT-libssh.txt
-+++ fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT-libssh.txt
+--- fedora-crypto-policies-20251128.19878fe.orig/tests/outputs/DEFAULT-libssh.txt
++++ fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT-libssh.txt
 @@ -1,5 +1,5 @@
 -Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
 +Ciphers aes256-gcm@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
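Review bot: The refreshed `+KexAlgorithms` expectation for DEFAULT-openssh.txt and DEFAULT-opensshserver.txt still drops `curve25519-sha256` and `curve25519-sha256@libssh.org` but keeps `mlkem768x25519-sha256`, whose classical half is the same X25519 exchange. The patch name suggests the removals make the DEFAULT output usable in FIPS mode, though the patch description is not visible here. If so, the hybrid entry should either be removed as well or be justified in the patch header, for example `mlkem768x25519-sha256 is kept on purpose: <reason>`. The two entries added by this refresh, `mlkem768nistp256-sha256` and `mlkem1024nistp384-sha384`, pair ML-KEM with NIST curves and do not raise the question. The same `KexAlgorithms` lines recur in the DEFAULT:GOST-openssh.txt and DEFAULT:GOST-opensshserver.txt sections of the later `@@ -137,42 +136,42 @@` hunk.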
@@ -99,10 +98,10 @@ Index: fedora-crypto-policies-20250714.c
 +KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
  HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
  PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
-Index: fedora-crypto-policies-20250714.cd6043a/tests/outputs/FEDORA42-opensslcnf.txt
+Index: fedora-crypto-policies-20251128.19878fe/tests/outputs/FEDORA42-opensslcnf.txt
 ===================================================================
---- fedora-crypto-policies-20250714.cd6043a.orig/tests/outputs/FEDORA42-opensslcnf.txt
-+++ fedora-crypto-policies-20250714.cd6043a/tests/outputs/FEDORA42-opensslcnf.txt
+--- fedora-crypto-policies-20251128.19878fe.orig/tests/outputs/FEDORA42-opensslcnf.txt
++++ fedora-crypto-policies-20251128.19878fe/tests/outputs/FEDORA42-opensslcnf.txt
 @@ -5,7 +5,7 @@ TLS.MaxProtocol = TLSv1.3
  DTLS.MinProtocol = DTLSv1.2
  DTLS.MaxProtocol = DTLSv1.2
@@ -112,10 +111,10 @@ Index: fedora-crypto-policies-20250714.c
  
  [req]
  default_bits = 2048
-Index: fedora-crypto-policies-20250714.cd6043a/tests/outputs/LEGACY-opensslcnf.txt
+Index: fedora-crypto-policies-20251128.19878fe/tests/outputs/LEGACY-opensslcnf.txt
 ===================================================================
---- fedora-crypto-policies-20250714.cd6043a.orig/tests/outputs/LEGACY-opensslcnf.txt
-+++ fedora-crypto-policies-20250714.cd6043a/tests/outputs/LEGACY-opensslcnf.txt
+--- fedora-crypto-policies-20251128.19878fe.orig/tests/outputs/LEGACY-opensslcnf.txt
++++ fedora-crypto-policies-20251128.19878fe/tests/outputs/LEGACY-opensslcnf.txt
 @@ -5,7 +5,7 @@ TLS.MaxProtocol = TLSv1.3
  DTLS.MinProtocol = DTLSv1
  DTLS.MaxProtocol = DTLSv1.2
@@ -125,10 +124,10 @@ Index: fedora-crypto-policies-20250714.c
  
  [req]
  default_bits = 2048
-Index: fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT:GOST-libssh.txt
+Index: fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT:GOST-libssh.txt
 ===================================================================
---- fedora-crypto-policies-20250714.cd6043a.orig/tests/outputs/DEFAULT:GOST-libssh.txt
-+++ fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT:GOST-libssh.txt
+--- fedora-crypto-policies-20251128.19878fe.orig/tests/outputs/DEFAULT:GOST-libssh.txt
++++ fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT:GOST-libssh.txt
 @@ -1,5 +1,5 @@
 -Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
 +Ciphers aes256-gcm@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
@@ -137,42 +136,42 @@ Index: fedora-crypto-policies-20250714.c
 +KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
  HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
  PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
-Index: fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT:GOST-openssh.txt
+Index: fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT:GOST-openssh.txt
 ===================================================================
---- fedora-crypto-policies-20250714.cd6043a.orig/tests/outputs/DEFAULT:GOST-openssh.txt
-+++ fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT:GOST-openssh.txt
+--- fedora-crypto-policies-20251128.19878fe.orig/tests/outputs/DEFAULT:GOST-openssh.txt
++++ fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT:GOST-openssh.txt
 @@ -1,7 +1,7 @@
 -Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
 -MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
 -GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-
--KexAlgorithms mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
+-KexAlgorithms mlkem768x25519-sha256,mlkem768nistp256-sha256,mlkem1024nistp384-sha384,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
 +Ciphers aes256-gcm@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
 +MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512
 +GSSAPIKexAlgorithms gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-
-+KexAlgorithms mlkem768x25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
++KexAlgorithms mlkem768x25519-sha256,mlkem768nistp256-sha256,mlkem1024nistp384-sha384,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
  PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
  HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
  CASignatureAlgorithms ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512
-Index: fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT:GOST-opensshserver.txt
+Index: fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT:GOST-opensshserver.txt
 ===================================================================
---- fedora-crypto-policies-20250714.cd6043a.orig/tests/outputs/DEFAULT:GOST-opensshserver.txt
-+++ fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT:GOST-opensshserver.txt
+--- fedora-crypto-policies-20251128.19878fe.orig/tests/outputs/DEFAULT:GOST-opensshserver.txt
++++ fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT:GOST-opensshserver.txt
 @@ -1,7 +1,7 @@
 -Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
 -MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
 -GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-
--KexAlgorithms mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
+-KexAlgorithms mlkem768x25519-sha256,mlkem768nistp256-sha256,mlkem1024nistp384-sha384,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
 +Ciphers aes256-gcm@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
 +MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512
 +GSSAPIKexAlgorithms gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-
-+KexAlgorithms mlkem768x25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
++KexAlgorithms mlkem768x25519-sha256,mlkem768nistp256-sha256,mlkem1024nistp384-sha384,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
  HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
  PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
  HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
-Index: fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT:GOST-opensslcnf.txt
+Index: fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT:GOST-opensslcnf.txt
 ===================================================================
---- fedora-crypto-policies-20250714.cd6043a.orig/tests/outputs/DEFAULT:GOST-opensslcnf.txt
-+++ fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT:GOST-opensslcnf.txt
+--- fedora-crypto-policies-20251128.19878fe.orig/tests/outputs/DEFAULT:GOST-opensslcnf.txt
++++ fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT:GOST-opensslcnf.txt
 @@ -5,7 +5,7 @@ TLS.MaxProtocol = TLSv1.3
  DTLS.MinProtocol = DTLSv1.2
  DTLS.MaxProtocol = DTLSv1.2
@@ -188,10 +187,10 @@ Index: fedora-crypto-policies-20250714.c
  [evp_properties]
 -rh-allow-sha1-signatures = no
 +rh-allow-sha1-signatures = yes
-Index: fedora-crypto-policies-20250714.cd6043a/tests/outputs/LEGACY:AD-SUPPORT-opensslcnf.txt
+Index: fedora-crypto-policies-20251128.19878fe/tests/outputs/LEGACY:AD-SUPPORT-opensslcnf.txt
 ===================================================================
---- fedora-crypto-policies-20250714.cd6043a.orig/tests/outputs/LEGACY:AD-SUPPORT-opensslcnf.txt
-+++ fedora-crypto-policies-20250714.cd6043a/tests/outputs/LEGACY:AD-SUPPORT-opensslcnf.txt
+--- fedora-crypto-policies-20251128.19878fe.orig/tests/outputs/LEGACY:AD-SUPPORT-opensslcnf.txt
++++ fedora-crypto-policies-20251128.19878fe/tests/outputs/LEGACY:AD-SUPPORT-opensslcnf.txt
 @@ -5,7 +5,7 @@ TLS.MaxProtocol = TLSv1.3
  DTLS.MinProtocol = DTLSv1
  DTLS.MaxProtocol = DTLSv1.2
@@ -201,10 +200,10 @@ Index: fedora-crypto-policies-20250714.c
  
  [req]
  default_bits = 2048
-Index: fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT:NO-PQ-libssh.txt
+Index: fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT:NO-PQ-libssh.txt
 ===================================================================
---- fedora-crypto-policies-20250714.cd6043a.orig/tests/outputs/DEFAULT:NO-PQ-libssh.txt
-+++ fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT:NO-PQ-libssh.txt
+--- fedora-crypto-policies-20251128.19878fe.orig/tests/outputs/DEFAULT:NO-PQ-libssh.txt
++++ fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT:NO-PQ-libssh.txt
 @@ -1,5 +1,5 @@
 -Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
 +Ciphers aes256-gcm@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
@@ -213,10 +212,10 @@ Index: fedora-crypto-policies-20250714.c
 +KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
  HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
  PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
-Index: fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT:NO-PQ-openssh.txt
+Index: fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT:NO-PQ-openssh.txt
 ===================================================================
---- fedora-crypto-policies-20250714.cd6043a.orig/tests/outputs/DEFAULT:NO-PQ-openssh.txt
-+++ fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT:NO-PQ-openssh.txt
+--- fedora-crypto-policies-20251128.19878fe.orig/tests/outputs/DEFAULT:NO-PQ-openssh.txt
++++ fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT:NO-PQ-openssh.txt
 @@ -1,7 +1,7 @@
 -Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
 -MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
@@ -229,10 +228,10 @@ Index: fedora-crypto-policies-20250714.c
  PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
  HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
  CASignatureAlgorithms ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512
-Index: fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT:NO-PQ-opensshserver.txt
+Index: fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT:NO-PQ-opensshserver.txt
 ===================================================================
---- fedora-crypto-policies-20250714.cd6043a.orig/tests/outputs/DEFAULT:NO-PQ-opensshserver.txt
-+++ fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT:NO-PQ-opensshserver.txt
+--- fedora-crypto-policies-20251128.19878fe.orig/tests/outputs/DEFAULT:NO-PQ-opensshserver.txt
++++ fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT:NO-PQ-opensshserver.txt
 @@ -1,7 +1,7 @@
 -Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
 -MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
@@ -245,10 +244,10 @@ Index: fedora-crypto-policies-20250714.c
  HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
  PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
  HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
-Index: fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT:NO-PQ-opensslcnf.txt
+Index: fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT:NO-PQ-opensslcnf.txt
 ===================================================================
---- fedora-crypto-policies-20250714.cd6043a.orig/tests/outputs/DEFAULT:NO-PQ-opensslcnf.txt
-+++ fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT:NO-PQ-opensslcnf.txt
+--- fedora-crypto-policies-20251128.19878fe.orig/tests/outputs/DEFAULT:NO-PQ-opensslcnf.txt
++++ fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT:NO-PQ-opensslcnf.txt
 @@ -5,7 +5,7 @@ TLS.MaxProtocol = TLSv1.3
  DTLS.MinProtocol = DTLSv1.2
  DTLS.MaxProtocol = DTLSv1.2
@@ -264,10 +263,10 @@ Index: fedora-crypto-policies-20250714.c
  [evp_properties]
 -rh-allow-sha1-signatures = no
 +rh-allow-sha1-signatures = yes
-Index: fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT:TEST-PQ-libssh.txt
+Index: fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT:TEST-PQ-libssh.txt
 ===================================================================
---- fedora-crypto-policies-20250714.cd6043a.orig/tests/outputs/DEFAULT:TEST-PQ-libssh.txt
-+++ fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT:TEST-PQ-libssh.txt
+--- fedora-crypto-policies-20251128.19878fe.orig/tests/outputs/DEFAULT:TEST-PQ-libssh.txt
++++ fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT:TEST-PQ-libssh.txt
 @@ -1,5 +1,5 @@
 -Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
 +Ciphers aes256-gcm@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
@@ -276,42 +275,42 @@ Index: fedora-crypto-policies-20250714.c
 +KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
  HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
  PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
-Index: fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT:TEST-PQ-openssh.txt
+Index: fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT:TEST-PQ-openssh.txt
 ===================================================================
---- fedora-crypto-policies-20250714.cd6043a.orig/tests/outputs/DEFAULT:TEST-PQ-openssh.txt
-+++ fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT:TEST-PQ-openssh.txt
+--- fedora-crypto-policies-20251128.19878fe.orig/tests/outputs/DEFAULT:TEST-PQ-openssh.txt
++++ fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT:TEST-PQ-openssh.txt
 @@ -1,7 +1,7 @@
 -Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
 -MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
 -GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-
--KexAlgorithms mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
+-KexAlgorithms mlkem768x25519-sha256,mlkem768nistp256-sha256,mlkem1024nistp384-sha384,sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
 +Ciphers aes256-gcm@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
 +MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512
 +GSSAPIKexAlgorithms gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-
-+KexAlgorithms mlkem768x25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
++KexAlgorithms mlkem768x25519-sha256,mlkem768nistp256-sha256,mlkem1024nistp384-sha384,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
  PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
  HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
  CASignatureAlgorithms ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512
-Index: fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT:TEST-PQ-opensshserver.txt
+Index: fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT:TEST-PQ-opensshserver.txt
 ===================================================================
---- fedora-crypto-policies-20250714.cd6043a.orig/tests/outputs/DEFAULT:TEST-PQ-opensshserver.txt
-+++ fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT:TEST-PQ-opensshserver.txt
+--- fedora-crypto-policies-20251128.19878fe.orig/tests/outputs/DEFAULT:TEST-PQ-opensshserver.txt
++++ fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT:TEST-PQ-opensshserver.txt
 @@ -1,7 +1,7 @@
 -Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
 -MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
 -GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-
--KexAlgorithms mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
+-KexAlgorithms mlkem768x25519-sha256,mlkem768nistp256-sha256,mlkem1024nistp384-sha384,sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
 +Ciphers aes256-gcm@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
 +MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512
 +GSSAPIKexAlgorithms gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-
-+KexAlgorithms mlkem768x25519-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
++KexAlgorithms mlkem768x25519-sha256,mlkem768nistp256-sha256,mlkem1024nistp384-sha384,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
  HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
  PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
  HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
-Index: fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT:TEST-PQ-opensslcnf.txt
+Index: fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT:TEST-PQ-opensslcnf.txt
 ===================================================================
---- fedora-crypto-policies-20250714.cd6043a.orig/tests/outputs/DEFAULT:TEST-PQ-opensslcnf.txt
-+++ fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT:TEST-PQ-opensslcnf.txt
+--- fedora-crypto-policies-20251128.19878fe.orig/tests/outputs/DEFAULT:TEST-PQ-opensslcnf.txt
++++ fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT:TEST-PQ-opensslcnf.txt
 @@ -5,7 +5,7 @@ TLS.MaxProtocol = TLSv1.3
  DTLS.MinProtocol = DTLSv1.2
  DTLS.MaxProtocol = DTLSv1.2
@@ -327,10 +326,10 @@ Index: fedora-crypto-policies-20250714.c
  [evp_properties]
 -rh-allow-sha1-signatures = no
 +rh-allow-sha1-signatures = yes
-Index: fedora-crypto-policies-20250714.cd6043a/Makefile
+Index: fedora-crypto-policies-20251128.19878fe/Makefile
 ===================================================================
---- fedora-crypto-policies-20250714.cd6043a.orig/Makefile
-+++ fedora-crypto-policies-20250714.cd6043a/Makefile
+--- fedora-crypto-policies-20251128.19878fe.orig/Makefile
++++ fedora-crypto-policies-20251128.19878fe/Makefile
 @@ -75,15 +75,15 @@ check:
  	python/build-crypto-policies.py --strict --policy LEGACY:AD-SUPPORT --test --flat policies tests/outputs
  	python/build-crypto-policies.py --strict --policy DEFAULT:NO-PQ --test --flat policies tests/outputs
@@ -357,7 +356,7 @@ Index: fedora-crypto-policies-20250714.c
  	tests/openssl.py
  	tests/gnutls.py
 @@ -121,7 +121,7 @@ covtest: #doctest unittest
- 	coverage run --append --source python/cryptopolicies/ --branch -m pytest -vv tests/unit/ &>/dev/null
+ 	PYTHONPATH=. coverage run --append --source python/cryptopolicies/ --branch -m pytest -vv tests/unit/
  	coverage report --fail-under=100
  
 -test: doctest unittest check check-alternatives
--- crypto-policies-Allow-sshd-in-FIPS-mode-using-DEFAULT.patch.orig
+++ crypto-policies-Allow-sshd-in-FIPS-mode-using-DEFAULT.patch
@@ -1,7 +1,7 @@
-Index: fedora-crypto-policies-20250714.cd6043a/policies/DEFAULT.pol
+Index: fedora-crypto-policies-20251128.19878fe/policies/DEFAULT.pol
 ===================================================================
---- fedora-crypto-policies-20250714.cd6043a.orig/policies/DEFAULT.pol
-+++ fedora-crypto-policies-20250714.cd6043a/policies/DEFAULT.pol
+--- fedora-crypto-policies-20251128.19878fe.orig/policies/DEFAULT.pol
++++ fedora-crypto-policies-20251128.19878fe/policies/DEFAULT.pol
 @@ -15,10 +15,12 @@
  
  mac = AEAD HMAC-SHA2-256 HMAC-SHA1 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512
@@ -25,29 +25,29 @@ Index: fedora-crypto-policies-20250714.c
  
  # 'RSA' is intentionally before DHE ciphersuites, as the DHE ciphersuites have
  # interoperability issues in TLS.
-Index: fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT-opensshserver.txt
+Index: fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT-opensshserver.txt
 ===================================================================
---- fedora-crypto-policies-20250714.cd6043a.orig/tests/outputs/DEFAULT-opensshserver.txt
-+++ fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT-opensshserver.txt
+--- fedora-crypto-policies-20251128.19878fe.orig/tests/outputs/DEFAULT-opensshserver.txt
++++ fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT-opensshserver.txt
 @@ -1,5 +1,5 @@
 -Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
 -MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
 +Ciphers aes256-gcm@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
 +MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512
  GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-
- KexAlgorithms mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
+ KexAlgorithms mlkem768x25519-sha256,mlkem768nistp256-sha256,mlkem1024nistp384-sha384,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
  HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
-Index: fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT-openssh.txt
+Index: fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT-openssh.txt
 ===================================================================
---- fedora-crypto-policies-20250714.cd6043a.orig/tests/outputs/DEFAULT-openssh.txt
-+++ fedora-crypto-policies-20250714.cd6043a/tests/outputs/DEFAULT-openssh.txt
+--- fedora-crypto-policies-20251128.19878fe.orig/tests/outputs/DEFAULT-openssh.txt
++++ fedora-crypto-policies-20251128.19878fe/tests/outputs/DEFAULT-openssh.txt
 @@ -1,7 +1,8 @@
 -Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
 -MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
 +Ciphers aes256-gcm@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
 +MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512
  GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-
- KexAlgorithms mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
+ KexAlgorithms mlkem768x25519-sha256,mlkem768nistp256-sha256,mlkem1024nistp384-sha384,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
 +HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
  PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
  HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
--- crypto-policies.changes.orig
+++ crypto-policies.changes
@@ -1,4 +1,21 @@
 -------------------------------------------------------------------
+Fri Dec 05 08:37:50 UTC 2025 - Pedro Monreal <pmonreal@suse.com>
+
+- Update to version 20251128.19878fe:
+  * nss: enable ML-DSA
+  * gnutls: do enabled-curve for hybrids with said curve
+  * openssl: allow disabling all TLS / DTLS protocols
+  * openssh: support mlkem768nistp256-sha256 and mlkem1024nistp384-sha384
+  * Revert "Do not include EdDSA in FIPS policy"
+  * openssl: let TLS 1.3 brainpool groups get used for key shares
+  * sequoia: register "eddsa" as an alias to EDDSA-ED25519
+  * Makefile: unbreak coverage testing on rawhide
+  * tests/unittest_preprocess_text: catch 3 warnings separately
+  * Rebase patches:
+    - crypto-policies-Allow-sshd-in-FIPS-mode-using-DEFAULT.patch
+    - crypto-policies-Allow-openssl-other-policies-in-FIPS-mode.patch
+
+-------------------------------------------------------------------
 Tue Nov 11 07:49:33 UTC 2025 - Pedro Monreal <pmonreal@suse.com>
 
 - Fix the testsuite:
--- crypto-policies.spec.orig
+++ crypto-policies.spec
@@ -22,13 +22,13 @@
 %global _python_bytecompile_extra 0
 
 Name:           crypto-policies
-Version:        20250714.cd6043a
+Version:        20251128.19878fe
 Release:        0
 Summary:        System-wide crypto policies
 License:        LGPL-2.1-or-later
 Group:          Productivity/Networking/Security
 URL:            https://gitlab.com/redhat-crypto/fedora-%{name}
-Source0:        fedora-%{name}-%{version}.tar.gz
+Source0:        fedora-%{name}-%{version}.tar.xz
 Source1:        README.SUSE
 Source2:        man-crypto-policies.tar.xz
 Source3:        man-fips-scripts.tar.xz
@@ -82,10 +82,10 @@ BuildRequires:  systemd-rpm-macros
 %if 0%{?primary_python:1}
 Recommends:     crypto-policies-scripts
 %endif
-Conflicts:      gnutls < 3.8.8
-Conflicts:      nss < 3.101
+Conflicts:      gnutls < 3.8.10
+Conflicts:      nss < 3.112
 Conflicts:      openssh < 9.9p1
-Conflicts:      openssl < 3.0.2
+Conflicts:      openssl < 3.5.0
 #!BuildIgnore:  crypto-policies
 BuildArch:      noarch
 
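Review bot: The `Conflicts: openssh < 9.9p1` line in this hunk keeps its old floor, while the gnutls, nss and openssl floors around it are all raised for the new policy content. The rebased test outputs and the changelog show the generated OpenSSH policies now listing `mlkem768nistp256-sha256` and `mlkem1024nistp384-sha384` in `KexAlgorithms`. It is worth confirming that the packaged openssh 9.9p1 recognises both names, because an unknown name in that list is normally a configuration error and could keep sshd from starting after the policy update. If a newer build is required, raise the floor the same way as the others, e.g. `Conflicts:      openssh < <first-version-accepting-these-kex-names>`. Otherwise add a comment above the line, such as `# 9.9p1 already accepts every KexAlgorithms name the policies emit`, to record the decision for the next rebase.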