Back to bug 2219912

Who When What Removed Added
Red Hat Bugzilla 2023-07-05 18:05:40 UTC Pool ID sst_security_crypto_rhel_8
Red Hat One Jira (issues.redhat.com) 2023-07-05 18:06:01 UTC Link ID Red Hat Issue Tracker RHELPLAN-161587
Julien Rische 2023-07-17 08:14:14 UTC Blocks 2220834
Alexander Bokovoy 2023-07-18 09:26:25 UTC CC abokovoy
Alexander Sosedkin 2023-07-18 13:07:44 UTC Priority unspecified medium
Keywords Triaged
Severity unspecified medium
Red Hat One Jira (issues.redhat.com) 2023-07-18 13:09:09 UTC Link ID Red Hat Issue Tracker CRYPTO-11122
Julien Rische 2023-07-18 13:30:15 UTC CC asosedki
Flags needinfo?(asosedki)
Alexander Sosedkin 2023-07-18 14:12:02 UTC Flags needinfo?(asosedki)
Alexander Sosedkin 2023-07-19 10:22:20 UTC Flags needinfo?(jrische)
Julien Rische 2023-07-20 13:00:32 UTC Flags needinfo?(jrische)
Alexander Sosedkin 2023-07-24 16:05:36 UTC Doc Type If docs needed, set a value Release Note
QA Contact qe-baseos-security omoris
Doc Text When generating `permitted_enctypes` `krb5` configuration option, value order now depends on `mac` and `cipher` crypto-policy values, instead of `cipher and `hash` ones. This has been done to prioritize the more interoperable encryption types. If you're using `krb5`, please verify the value of `permitted_enctypes` in `/etc/crypto-policies/back-ends/krb5.config` and apply a custom subpolicy if needed.
Alexander Sosedkin 2023-07-24 16:12:52 UTC Doc Text When generating `permitted_enctypes` `krb5` configuration option, value order now depends on `mac` and `cipher` crypto-policy values, instead of `cipher and `hash` ones. This has been done to prioritize the more interoperable encryption types. If you're using `krb5`, please verify the value of `permitted_enctypes` in `/etc/crypto-policies/back-ends/krb5.config` and apply a custom subpolicy if needed. When generating `permitted_enctypes` `krb5` configuration option, values now depend on `mac` and `cipher` crypto-policy values, instead of `cipher and `hash` ones. This has been done to prioritize the more interoperable encryption types by default. If you're using `krb5`, please verify the value of `permitted_enctypes` in `/etc/crypto-policies/back-ends/krb5.config` and apply a custom subpolicy if needed.
Alexander Sosedkin 2023-07-24 17:20:18 UTC Status NEW POST
Flags needinfo?(jrische)
Link ID Gitlab redhat-crypto/fedora-crypto-policies/-/merge_requests/140
Julien Rische 2023-07-27 13:58:40 UTC Flags needinfo?(jrische)
Alexander Sosedkin 2023-08-02 12:17:48 UTC Fixed In Version crypto-policies-20230731-1.git3177e06.el8
Status POST MODIFIED
Ondrej Moriš 2023-08-03 06:58:16 UTC Summary Ordering matters for permitted_enctypes krb5 policy updates
errata-xmlrpc 2023-08-03 11:00:50 UTC Status MODIFIED ON_QA
Lucie Vařáková 2023-08-09 11:23:26 UTC Docs Contact mjahoda
Doc Type Release Note Enhancement
Ondrej Moriš 2023-08-09 16:01:44 UTC Doc Text When generating `permitted_enctypes` `krb5` configuration option, values now depend on `mac` and `cipher` crypto-policy values, instead of `cipher and `hash` ones. This has been done to prioritize the more interoperable encryption types by default. If you're using `krb5`, please verify the value of `permitted_enctypes` in `/etc/crypto-policies/back-ends/krb5.config` and apply a custom subpolicy if needed. When generating `permitted_enctypes` `krb5` configuration option, values now depend on `mac` and `cipher` crypto-policy values, instead of `cipher and `hash` ones. This has been done to prioritize the more interoperable encryption types by default. Additional effect of this change is that arcfour-hmac-md5 is no longer available in LEGACY (you need LEGACY:AD-SUPPORT to re-enable it) and aes256-cts-hmac-sha1-96 is no longer available in FUTURE. If you're using `krb5`, please verify the value of `permitted_enctypes` in `/etc/crypto-policies/back-ends/krb5.config` and apply a custom subpolicy if needed.
Status ON_QA VERIFIED

Back to bug 2219912