[ol9_baseos_latest] crypto-policies-scripts-20230731-1.git94f0e2c.el9.noarch

Name:	crypto-policies-scripts
Version:	20230731
Release:	1.git94f0e2c.el9
Architecture:	noarch
Group:	Unspecified
Size:	238110
License:	LGPLv2+
RPM:	crypto-policies-scripts-20230731-1.git94f0e2c.el9.noarch.rpm
Source RPM:	crypto-policies-20230731-1.git94f0e2c.el9.src.rpm
Build Date:	Sat Oct 14 2023
Build Host:	build-ol9-x86_64.oracle.com
Vendor:	Oracle America
URL:	https://gitlab.com/redhat-crypto/fedora-crypto-policies
Summary:	Tool to switch between crypto policies
Description:	This package provides a tool update-crypto-policies, which applies the policies provided by the crypto-policies package. These can be either the pre-built policies from the base package or custom policies defined in simple policy definition files. The package also provides a tool fips-mode-setup, which can be used to enable or disable the system FIPS mode.

Changelog (Show File list) (Show related packages)

Mon Jul 31 2023 Alexander Sosedkin <asosedkin@redhat.com> - 20230731-1.git94f0e2c

- krb5: sort enctypes mac-first, cipher-second, prioritize SHA-2 ones
- FIPS: enforce EMS in FIPS mode
- NO-ENFORCE-EMS: add subpolicy to undo the EMS enforcement in FIPS mode
- nss: implement EMS enforcement in FIPS mode (disabled in ELN)
- openssl: implement EMS enforcement in FIPS mode
- gnutls: implement EMS enforcement in FIPS mode (disabled in ELN)
- docs: replace `FIPS 140-2` with just `FIPS 140`

Wed Jun 14 2023 Alexander Sosedkin <asosedkin@redhat.com> - 20230614-1.git027799d
```
- policies: restore group order to old OpenSSL default order
```
Fri May 05 2023 Alexander Sosedkin <asosedkin@redhat.com> - 20230505-1.gitf69bbc2
```
- openssl: set Groups explicitly
- openssl: add support for Brainpool curves
```
Thu Dec 15 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20221215-1.git9a18988
```
- bind: expand the list of disableable algorithms
```
Mon Oct 03 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20221003-1.git04dee29
```
- openssh: rename RSAMinSize option to RequiredRSASize
```
Mon Aug 15 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20220815-1.git0fbe86f
```
- openssh: add RSAMinSize option following min_rsa_size
```
Wed Apr 27 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20220427-1.gitb2323a1
```
- bind: control ED25519/ED448
```

Mon Apr 04 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20220404-1.git845c0c1

- DEFAULT: drop DNSSEC SHA-1 exception
- openssh: add support for sntrup761x25519-sha512@openssh.com

Wed Feb 23 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20220223-1.git5203b41

- openssl: allow SHA-1 signatures with rh-allow-sha1-signatures in LEGACY
- update AD-SUPPORT, move RC4 enctype enabling to AD-SUPPORT-LEGACY
- fips-mode-setup: catch more inconsistencies, clarify --check

Thu Feb 03 2022 Alexander Sosedkin <asosedkin@redhat.com> - 20220203-1.gitf03e75e

- gnutls: enable SHAKE, needed for Ed448
- fips-mode-setup: improve handling FIPS plus subpolicies
- FIPS: disable SHA-1 HMAC
- FIPS: disable CBC ciphers except in Kerberos