Bug 2063947
Summary: | openssl req defaults to 3DES | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 9 | Reporter: | Alexander Sosedkin <asosedki> | |
Component: | openssl | Assignee: | Dmitry Belyavskiy <dbelyavs> | |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Hubert Kario <hkario> | |
Severity: | low | Docs Contact: | Jan Fiala <jafiala> | |
Priority: | low | |||
Version: | 9.0 | CC: | cllang, dbelyavs, hkario, jafiala, ssorce | |
Target Milestone: | rc | Keywords: | Triaged, ZStream | |
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | openssl-3.0.1-29.el9 | Doc Type: | Bug Fix | |
Doc Text: |
.OpenSSL `req` uses AES-256-CBC for private keys encryption
Previously, the OpenSSL `req` tool encrypted private key files by using the 3DES algorithm. Because the 3DES algorithm is insecure and disallowed in the current FIPS 140 standard for cryptographic modules, `req` now generates private key files encrypted using the AES-256-CBC algorithm instead. The overall PKCS#8 file format remains unchanged.
|
Story Points: | --- | |
Clone Of: | ||||
: | 2085499 (view as bug list) | Environment: | ||
Last Closed: | 2023-06-05 16:09:48 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 2085499 |
Description
Alexander Sosedkin
2022-03-14 17:18:16 UTC
We consider AES-256-CBC is the best choice *** Bug 2085397 has been marked as a duplicate of this bug. *** RHEL 9.1 contains openssl-3.0.1-43.el9_0. |