Bug 2152635

Summary: NSEC3DSA should be disabled as DSA is in bind.config
Product: Red Hat Enterprise Linux 9 Reporter: Alexander Sosedkin <asosedki>
Component: crypto-policiesAssignee: Alexander Sosedkin <asosedki>
Status: CLOSED ERRATA QA Contact: Ondrej Moriš <omoris>
Severity: low Docs Contact: Petr Hybl <phybl>
Priority: low    
Version: 9.2CC: jafiala, mjahoda, omoris, phybl
Target Milestone: rcKeywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: crypto-policies-20221215-1.git9a18988.el9 Doc Type: Bug Fix
Doc Text:
.`crypto-policies` now disable NSEC3DSA for BIND Previously, the system-wide cryptographic policies did not control the NSEC3DSA algorithm in the BIND configuration. Consequently, NSEC3DSA, which does not meet current security requirements, was not disabled on DNS servers. With this update, all cryptographic policies disable NSEC3DSA in the BIND configuration by default.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2023-05-09 08:15:18 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Comment 13 errata-xmlrpc 2023-05-09 08:15:18 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (crypto-policies bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2023:2470