[ol8_baseos_latest] crypto-policies-scripts-20200713-1.git51d1222.el8.noarch

Name:	crypto-policies-scripts
Version:	20200713
Release:	1.git51d1222.el8
Architecture:	noarch
Group:	Unspecified
Size:	128260
License:	LGPLv2+
RPM:	crypto-policies-scripts-20200713-1.git51d1222.el8.noarch.rpm
Source RPM:	crypto-policies-20200713-1.git51d1222.el8.src.rpm
Build Date:	Wed Nov 04 2020
Build Host:	jenkins-172-17-0-2-c7d4fba2-72eb-41b9-9372-029207b11421
Vendor:	Oracle America
URL:	https://gitlab.com/redhat-crypto/fedora-crypto-policies
Summary:	Tool to switch between crypto policies
Description:	This package provides a tool update-crypto-policies, which applies the policies provided by the crypto-policies package. These can be either the pre-built policies from the base package or custom policies defined in simple policy definition files. The package also provides a tool fips-mode-setup, which can be used to enable or disable the system FIPS mode.

Changelog (Show File list) (Show related packages)

Mon Jul 13 2020 Tomáš Mráz <tmraz@redhat.com> - 20200713-1.git51d1222

- OSPP subpolicy: remove AES-CCM
- openssl: handle the AES-CCM removal properly

Wed Jul 01 2020 Tomáš Mráz <tmraz@redhat.com> - 20200629-1.git806b5d3

- disallow X448/ED448 in FIPS policy with gnutls >= 3.6.12
- add AD-SUPPORT policy module

Wed Jun 10 2020 Tomáš Mráz <tmraz@redhat.com> - 20200610-1.git0ac8b1f

- fallback to FIPS policy instead of the default-config in FIPS mode
- java: Document properly how to override the crypto policy
- krb5: No support for 3des anymore
- reorder the signature algorithms to follow the order in default openssl list

Tue Jun 09 2020 Tomáš Mráz <tmraz@redhat.com> - 20200527-5.gitb234a47

- make the post script work in environments where /proc/sys is not available

Fri May 29 2020 Tomáš Mráz <tmraz@redhat.com> - 20200527-4.gitb234a47
```
- automatically set up FIPS policy in FIPS mode on first install
```

Thu May 28 2020 Tomáš Mráz <tmraz@redhat.com> - 20200527-2.git63fc906

- explicitly enable DHE-DSS in gnutls config if enabled in policy
- use grubby with --update-kernel=ALL to avoid breaking kernelopts
- OSPP subpolicy: Allow GCM for SSH protocol
- openssh: Support newly standardized ECDHE-GSS and DHE-GSS key exchanges
- if the policy in FIPS mode is not a FIPS policy print a message
- openssl: Add SignatureAlgorithms support
- custom crypto policies: enable completely overriding contents of the list
  value
- added ECDHE-ONLY.pmod policy module example
- openssh: make LEGACY policy to prefer strong public key algorithms
- various python code cleanups
- update-crypto-policies: dump the current policy to
  /etc/crypto-policies/state/CURRENT.pol
- split scripts into their own subpackage

Mon Dec 16 2019 Tomáš Mráz <tmraz@redhat.com> - 20191128-2.git23e1bf1

- move the pre-built .config files to /usr/share/crypto-policies/back-ends

Fri Nov 29 2019 Tomáš Mráz <tmraz@redhat.com> - 20191128-1.git23e1bf1
```
- fips-mode-setup: compatibility with RHCOS
```
Thu Nov 28 2019 Tomáš Mráz <tmraz@redhat.com> - 20191127-1.git1179826
```
- add FIPS subpolicy for OSPP
```

Tue Oct 29 2019 Tomáš Mráz <tmraz@redhat.com> - 20191022-1.gite17cc3a

- custom crypto policies support
- update-crypto-policies: fix handling of list operations in policy modules
- update-crypto-policies: fix updating of the current policy marker
- fips-mode-setup: fixes related to containers and non-root execution
- make it possible to use fips-mode-setup --check without dracut
- add .config symlinks so a crypto policy can be set with read-only
  /etc by bind-mounting /usr/share/crypto-policies/<policy> to
  /etc/crypto-policies/back-ends
- run the update-crypto-policies in posttrans