Bug 1842801

Description of problem:

Crypto-policy non-compliance is reported by rpmlint.

Since RHEL-8.0 we have system-wide crypto policies - usage of cryptographic protocols such as TLS that are enforced system-wide. In general we want all applications in RHEL to be compliant with the crypto policy set on the system (see policy [1] inherited from Fedora).

Rpmlint detected that dovecot uses SSL_CTX_set_cipher_list from OpenSSL library without  PROFILE=SYSTEM. This indicates that a custom setting is used rather than system-wide crypto-policies setting. It is not a problem as long as it is intentional (e.g. specific algorithm is requested by user or configuration). However, unintentional usage might be a potential bug.

Could you please inspect relevant parts of the code, check that this is not rpmlint false positive and verify that custom setting is used intentionally?

 * If yes, feel free to close this BZ as NOT-A-BUG.
 * If not, could you please consider using system-wide crypto policy setting (PROFILE=SYSTEM) instead of custom setting?

[1] https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies

Version-Release number of selected component (if applicable):

dovecot-2.3.8-2.el8

How reproducible:

100%

Steps to Reproduce:

1. rpmlint dovecot-2.3.8-2.el8.x86_64.rpm


Expected results:

No crypto-policy-non-compliance warning.

Actual results:

dovecot.x86_64: W: crypto-policy-non-compliance-openssl /usr/lib64/dovecot/libssl_iostream_openssl.so SSL_CTX_set_cipher_list