Fedora Looks At Tightening Its Crypto Policies Next Year


  • Slithery
    Good. It's about time...


  • zxy_thf
    I really don't understand why they are so late for this.

    My current institution is already actively blocking ssh-servers that are still using SHA-1 or other weaker ciphers, effectively making the default Fedora SSH server unusable.


  • johncall
    This command to revert RHEL to a more tolerant crypto policy helped me in the past. Hopefully it also works for Fedora...

    This article summarizes the rationale behind Red Hat Enterprise Linux crypto policies, and provides information on its default settings, and instructions on how it can be used.


    $ update-crypto-policies --show

    $ sudo update-crypto-policies --set LEGACY
    Setting system policy to LEGACY
    Last edited by johncall; 30 April 2022, 11:31 AM.


  • CommunityMember
    SHA-1 served us well for quite a period of time, but the weaknesses are now well known (and the crypto community will only get better), so it is widely accepted that SHA-1 should not be used into the future, while realizing that existing signatures will need to be recognized during the lifetime of the original sources, and providing a transition period (some CA certs may still exist with only a SHA-1 signature).

    With EL9 (beta), Red Hat's default policy already distrusts SHA-1 (being a 10-year supported distro, it is expected that during that timeframe the various authorities will require SHA-1 to no longer be used, so they default to distrust now rather than change in the middle of the release), and, not unexpectedly, a few issues were identified (and are being addressed either through targeted overrides, or fixing the processes that still generate SHA-1 only).


  • Fedora Looks At Tightening Its Crypto Policies Next Year

    Phoronix: Fedora Looks At Tightening Its Crypto Policies Next Year

    Fedora Linux is looking at tightening up its cryptographic policies with next year's Fedora 38/39 releases but for Fedora 37 later this year they will likely begin warning users around the planned changes...
