Bug 1678661
Summary: | openssh: KexAlgorithms=curve25519-sha256 not compatible with DEFAULT profile | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Stanislav Zidek <szidek> |
Component: | crypto-policies | Assignee: | Tomas Mraz <tmraz> |
Status: | CLOSED ERRATA | QA Contact: | Simo Sorce <ssorce> |
Severity: | medium | Docs Contact: | Mirek Jahoda <mjahoda> |
Priority: | medium | ||
Version: | 8.0 | CC: | hkario, igkioka, jjelen, lmanasko, mjahoda, nmavrogi, omoris, pasik, ssorce, szidek, tmraz |
Target Milestone: | rc | Keywords: | Triaged |
Target Release: | 8.1 | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | crypto-policies-20190613-1.git21ffdc8.el8 | Doc Type: | Bug Fix |
Doc Text: |
.`curve25519-sha256` is now supported by default in OpenSSH
Previously, the `curve25519-sha256` SSH key exchange algorithm was missing in the system-wide crypto policies configurations for the OpenSSH client and server even though it was compliant with the default policy level. As a consequence, if a client or a server used `curve25519-sha256` and this algorithm was not supported by the host, the connection might fail. This update of the `crypto-policies` package fixes the bug, and SSH connections no longer fail in the described scenario.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-11-05 22:33:24 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1682515 | ||
Bug Blocks: |
Description
Stanislav Zidek
2019-02-19 10:44:25 UTC
Mirek, can we document it as known issue in RHEL-8.0? Do we need a separate bug for the documentation? Verify test runs in CI: https://baseos-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/job/ci-openstack/29584//console [10.0.132.116 ] T: 5 [-ciphers-in-practice-do-not-meet-the-stated] Running [10.0.132.116 ] 1562575727 [Setup ] PASS Score: 0 [10.0.132.116 ] 1562575728 [Test-available-ciphers ] PASS Score: 0 [10.0.132.116 ] 1562575729 [Test-available-macs ] PASS Score: 0 [10.0.132.116 ] 1562575730 [KEX-algorithms ] PASS Score: 0 [10.0.132.116 ] 1562575731 [Key-types ] PASS Score: 0 [10.0.132.116 ] 1562575732 [Cleanup ] PASS Score: 0 [10.0.132.116 ] T: 5 [-ciphers-in-practice-do-not-meet-the-stated] Completed: PASS Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:3644 |