Bug 2085397

Summary: openssl req defaults to 3DES
Product: Red Hat Enterprise Linux 9 Reporter: Dmitry Belyavskiy <dbelyavs>
Component: opensslAssignee: Dmitry Belyavskiy <dbelyavs>
Status: CLOSED DUPLICATE QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: low Docs Contact:
Priority: unspecified    
Version: 9.0CC: dbelyavs, hkario, ssorce
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-13 14:09:55 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Dmitry Belyavskiy 2022-05-13 09:08:35 UTC 
This bug was initially created as a copy of Bug #2063947

I am copying this bug because: 



Description of problem: openssl req still defaults to 3DES for private key encryption
Version-Release number of selected component: openssl-3.0.1-5.el9
How reproducible: always
Steps to Reproduce: openssl req -newkey 4096
Expected results: cute +*. mashup, retcode 0, key file

Actual results:
804B3713977F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:349:Global default library context, Algorithm (DES-EDE3-CBC : 27), Properties (<null>)

Additional info: -nodes works, but we should have modern, secure and FIPS-compatible defaults.
Comment 3 Dmitry Belyavskiy 2022-05-13 14:09:55 UTC 

*** This bug has been marked as a duplicate of bug 2063947 ***