Back to bug 1975836
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Red Hat Bugzilla | 2021-06-24 14:26:03 UTC | Pool ID | sst_security_crypto_rhel_9 | |
| Yatin Karel | 2021-06-24 14:37:47 UTC | Blocks | 1975799 | |
| Depends On | 1975799 | |||
| Alan Pevec | 2021-06-24 17:09:25 UTC | CC | apevec, sahana | |
| Summary | cryptsetup default hash to encrypt key do not work with openssl-3 | add ripemd160 hash back? | ||
| Flags | needinfo?(sahana) | |||
| Red Hat One Jira (issues.redhat.com) | 2021-06-24 23:43:42 UTC | Link ID | Red Hat Issue Tracker RHELPLAN-86495 | |
| Hubert Kario | 2021-06-25 12:47:52 UTC | CC | hkario | |
| Hubert Kario | 2021-06-25 15:39:28 UTC | Flags | needinfo?(mbroz) | |
| Milan Broz | 2021-06-25 17:05:20 UTC | Flags | needinfo?(mbroz) | |
| Sahana Prasad | 2021-06-29 11:47:57 UTC | Keywords | Triaged | |
| Sahana Prasad | 2021-06-29 14:57:42 UTC | Priority | unspecified | low |
| Severity | unspecified | low | ||
| Hubert Kario | 2021-06-30 10:38:08 UTC | Keywords | Documentation | |
| Doc Type | If docs needed, set a value | Deprecated Functionality | ||
| Sahana Prasad | 2021-06-30 10:40:09 UTC | Keywords | Documentation | |
| Doc Type | Deprecated Functionality | Release Note | ||
| Flags | needinfo?(sahana) | |||
| Hubert Kario | 2021-06-30 13:55:10 UTC | Doc Type | Release Note | Deprecated Functionality |
| Stanislav Zidek | 2021-07-13 09:12:18 UTC | QA Contact | qe-baseos-security | hkario |
| Hubert Kario | 2021-07-13 09:33:54 UTC | Doc Text | Upstream OpenSSL project has deprecated a set of cryptographic algorithms as they are insecure, uncommonly used, or both. Use of those algorithms is thus discouraged and they are provided in Red Hat Enterprise Linux only for migrating encrypted data to use new algorithms. Users must not depend on those algorithms for security of their systems. The implementations of the following algorithms have been moved to the legacy provider: MD2, MD4, MDC2, WHIRPOOL, RIPEMD160, Blowfish, CAST, DES (not to be confused with 3DES), IDEA, RC2, RC4, RC5, SEED, and PBKDF1. See the /etc/pki/tls/openssl.cnf configuration file for instructions on how to load the legacy provider and enable support for them. |
|
| Sahana Prasad | 2021-08-06 13:19:19 UTC | Status | NEW | ASSIGNED |
| Hubert Kario | 2021-08-06 15:40:04 UTC | CC | dbelyavs | |
| Hubert Kario | 2021-08-06 15:40:51 UTC | Version | CentOS Stream | 9.0 |
| Hubert Kario | 2021-08-06 15:42:18 UTC | Summary | add ripemd160 hash back? | add ripemd160 hash back? (how to enable legacy provider) |
| Sahana Prasad | 2021-08-16 14:27:23 UTC | Fixed In Version | openssl-3.0.0-0.beta2.5.el9 | |
| Status | ASSIGNED | MODIFIED | ||
| errata-xmlrpc | 2021-08-16 14:45:00 UTC | Status | MODIFIED | ON_QA |
| Hubert Kario | 2021-08-19 14:26:29 UTC | Status | ON_QA | VERIFIED |
| Lenka Špačková | 2021-08-31 10:29:08 UTC | Docs Contact | mjahoda | |
| Red Hat Bugzilla | 2021-08-31 22:37:15 UTC | CC | mbroz | |
| Mirek Jahoda | 2021-11-01 11:51:07 UTC | Doc Text | Upstream OpenSSL project has deprecated a set of cryptographic algorithms as they are insecure, uncommonly used, or both. Use of those algorithms is thus discouraged and they are provided in Red Hat Enterprise Linux only for migrating encrypted data to use new algorithms. Users must not depend on those algorithms for security of their systems. The implementations of the following algorithms have been moved to the legacy provider: MD2, MD4, MDC2, WHIRPOOL, RIPEMD160, Blowfish, CAST, DES (not to be confused with 3DES), IDEA, RC2, RC4, RC5, SEED, and PBKDF1. See the /etc/pki/tls/openssl.cnf configuration file for instructions on how to load the legacy provider and enable support for them. | .OpenSSL deprecates MD2, MD4, MDC2, Whirlpool, RIPEMD160, Blowfish, CAST, DES, IDEA, RC2, RC4, RC5, SEED, and PBKDF1 The OpenSSL project has deprecated a set of cryptographic algorithms because they are insecure, uncommonly used, or both. Red Hat also discourages the use of those algorithms, and RHEL 9 provides them for migrating encrypted data to use new algorithms. Users must not depend on those algorithms for the security of their systems. The implementations of the following algorithms have been moved to the legacy provider in OpenSSL: MD2, MD4, MDC2, Whirlpool, RIPEMD160, Blowfish, CAST, DES, IDEA, RC2, RC4, RC5, SEED, and PBKDF1. See the `/etc/pki/tls/openssl.cnf` configuration file for instructions on how to load the legacy provider and enable support for the deprecated algorithms. |
| Red Hat One Jira (issues.redhat.com) | 2021-12-02 14:41:50 UTC | Link ID | Red Hat Issue Tracker CRYPTO-5653 | |
| Vratislav Hutsky | 2021-12-07 21:24:13 UTC | Status | VERIFIED | CLOSED |
| Resolution | --- | CURRENTRELEASE | ||
| Last Closed | 2021-12-07 21:24:13 UTC | |||
| Mirek Jahoda | 2022-05-03 13:17:15 UTC | Flags | needinfo?(hkario) | |
| Mirek Jahoda | 2022-05-03 13:17:46 UTC | CC | szidek | |
| Hubert Kario | 2022-05-03 17:13:59 UTC | Flags | needinfo?(hkario) | |
| Mirek Jahoda | 2023-04-24 10:31:23 UTC | Doc Text | .OpenSSL deprecates MD2, MD4, MDC2, Whirlpool, RIPEMD160, Blowfish, CAST, DES, IDEA, RC2, RC4, RC5, SEED, and PBKDF1 The OpenSSL project has deprecated a set of cryptographic algorithms because they are insecure, uncommonly used, or both. Red Hat also discourages the use of those algorithms, and RHEL 9 provides them for migrating encrypted data to use new algorithms. Users must not depend on those algorithms for the security of their systems. The implementations of the following algorithms have been moved to the legacy provider in OpenSSL: MD2, MD4, MDC2, Whirlpool, RIPEMD160, Blowfish, CAST, DES, IDEA, RC2, RC4, RC5, SEED, and PBKDF1. See the `/etc/pki/tls/openssl.cnf` configuration file for instructions on how to load the legacy provider and enable support for the deprecated algorithms. | .OpenSSL deprecates MD2, MD4, MDC2, Whirlpool, Blowfish, CAST, DES, IDEA, RC2, RC4, RC5, SEED, and PBKDF1 The OpenSSL project has deprecated a set of cryptographic algorithms because they are insecure, uncommonly used, or both. Red Hat also discourages the use of those algorithms, and RHEL 9 provides them for migrating encrypted data to use new algorithms. Users must not depend on those algorithms for the security of their systems. The implementations of the following algorithms have been moved to the legacy provider in OpenSSL: MD2, MD4, MDC2, Whirlpool, Blowfish, CAST, DES, IDEA, RC2, RC4, RC5, SEED, and PBKDF1. See the `/etc/pki/tls/openssl.cnf` configuration file for instructions on how to load the legacy provider and enable support for the deprecated algorithms. |
Back to bug 1975836