Hide Forgot
This is a tracking bug for Change: Switch GnuTLS to allowlisting For more details, see: https://fedoraproject.org/wiki/Changes/GnutlsAllowlisting Presently, crypto-policies controls GnuTLS in a way that "hard-disables" select algorithms, leaving no option for the applications using GnuTLS to reenable said algorithms back. We propose switching to more future-proof allowlisting-based configuration method and offering API within GnuTLS to loosen the system defaults for specific processes. If you encounter a bug related to this Change, please do not comment here. Instead create a new bug and set it to block this bug.
This bug appears to have been reported against 'rawhide' during the Fedora Linux 36 development cycle. Changing version to 36.
Today we reached the Code Complete (testable) milestone in the F36 schedule: https://fedorapeople.org/groups/schedule/f-36/f-36-key-tasks.html All code for this change should be complete enough for testing. You can indicate this by setting the bug status to MODIFIED. (If the code is fully complete, you can go ahead and set it to ON_QA.) If you need to defer this Change to F37, please needinfo bcotton.
Apologies for not being transparent enough about the rollout status. The changes have landed in rawhide as first gnutls-3.7.3-1.fc36, then crypto-policies-20220119-1.git50109e7.fc36, completing the switch 20 days ago. If there's some other place where this info should be posted, please tell me or do that directly if you wish. Judging by the low volume of bug reports, the switch went rather smoothly (as in, I didn't break wget google.com like I did in bz1979200). There were some follow-up fixes based on private communication reports since then, but nothing too disruptive or major has cropped up so far. I'd assess the risk of us backing out and deferring as very low.
F36 was released today. If this Change did not land in the release, please notify bcotton as soon as possible.