-
Thu Jul 13 2023 Daiki Ueno <dueno@redhat.com> - 3.7.6-21
- Require use of extended master secret in FIPS mode by default (#2157953)
-
Tue Mar 14 2023 Daiki Ueno <dueno@redhat.com> - 3.7.6-20
- Fix the previous change (#2175214)
-
Fri Mar 10 2023 Daiki Ueno <dueno@redhat.com> - 3.7.6-19
- Bump release to ensure el9 package is greater than el9_* packages (#2175214)
-
Tue Feb 28 2023 Daiki Ueno <dueno@redhat.com> - 3.7.6-18
- Update gnutls-3.7.8-fips-pct-dh.patch to the upstream version (#2168143)
-
Fri Feb 10 2023 Daiki Ueno <dueno@redhat.com> - 3.7.6-17
- Fix timing side-channel in TLS RSA key exchange (#2162601)
-
Fri Feb 10 2023 Daiki Ueno <dueno@redhat.com> - 3.7.6-16
- fips: extend PCT to DH key generation (#2168143)
-
Thu Dec 15 2022 Zoltan Fridrich <zfridric@redhat.com> - 3.7.6-15
- fips: rename hmac file to its previous name (#2148269)
-
Tue Nov 22 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-14
- cipher: add restriction on CCM tag length under FIPS mode (#2137807)
- nettle: mark non-compliant RSA-PSS salt length to be not-approved (#2143266)
-
Tue Nov 15 2022 Zoltan Fridrich <zfridric@redhat.com> - 3.7.6-13
- fips: make XTS key check failure not fatal (#2130971)
- enable source archive verification again (#2127094)
- clear server's session ticket indication at rehandshake (#2136072)
- crypto-api: add block cipher API with automatic padding (#2084161)
- fips: remove library path checking from FIPS integrity check (#2140908)
-
Tue Sep 27 2022 Daiki Ueno <dueno@redhat.com> - 3.7.6-12
- fips: mark PBKDF2 with short key and output sizes non-approved
- fips: only mark HMAC as approved in PBKDF2
- fips: mark gnutls_key_generate with short key sizes non-approved
- fips: fix checking on hash algorithm used in ECDSA
- fips: preserve operation context around FIPS selftests API