Bug List: (1 of 4)
Bug 1335930 - Disable CA certificates with 1024-bit or less parameters
Summary: Disable CA certificates with 1024-bit or less parameters
Keywords:
Status: CLOSED DUPLICATE of bug 1367434
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ca-certificates
Version: 7.4
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Kai Engert (:kaie) (inactive account)
QA Contact: BaseOS QE Security Team
Mirek Jahoda
URL:
Whiteboard:
Depends On: rhel7-openssl1.0.2 1367484 1386616 1386848
Blocks: 1335929 1377248
TreeView+ depends on / blocked
 
Reported: 2016-05-13 14:44 UTC by Nikos Mavrogiannopoulos
Modified: 2017-07-04 09:15 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-03-01 11:43:27 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1335928 0 unspecified CLOSED Disable CA certificates with 1024-bit or less parameters by default 2021-02-22 00:41:40 UTC

Internal Links: 1335928

Description Nikos Mavrogiannopoulos 2016-05-13 14:44:38 UTC 
RHEL includes several cryptographic components who's security doesn't remain constant over time. Algorithms such as (cryptographic) hashing and encryption typically have a lifetime after which they are considered either too risky to use or plain insecure. That would mean we need to phase out such algorithms from the default settings, or completely disable if they could cause irreparable issue. 


This bug is about disabling any CA certificates which utilize less than 1024-bit RSA parameters.
Comment 5 Kai Engert (:kaie) (inactive account) 2017-03-01 11:43:27 UTC 
This bug seems equivalent to bug 1367434, marking as duplicate.

*** This bug has been marked as a duplicate of bug 1367434 ***
Note You need to log in before you can comment on or make changes to this bug.
Bug List: (1 of 4)