krb5 in version 1.15.1 adds two new AES types: aes128-cts-hmac-sha256-128 aes256-cts-hmac-sha384-192 Please turn these on in Fedora (26+). Thanks!
Hi Robbie, It is faster if you submit a PR on the upstream project [0], however for such a change we should first address #1428744. Without that it would be very easy to introduce a non-working policy without any means to detect that. [0]. https://gitlab.com/nmav/fedora-crypto-policies
crypto-policies-20170531-1.gitce0df7b.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-dd3d98b5bc
crypto-policies-20170531-1.gitce0df7b.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-dd3d98b5bc
crypto-policies-20170531-1.gitce0df7b.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.