2070230 – disable SHA-1 in bind configuration in DEFAULT

Bug 2070230 - disable SHA-1 in bind configuration in DEFAULT

Summary: disable SHA-1 in bind configuration in DEFAULT

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	crypto-policies
Sub Component:
Version:	9.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Alexander Sosedkin
QA Contact:	Ondrej Moriš
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	2071546 (view as bug list)
Depends On:
Blocks:	el9_dnssec_sha1 2075672 2070495 2070923
TreeView+	depends on / blocked

Reported:	2022-03-30 16:48 UTC by Alexander Sosedkin
Modified:	2022-11-15 12:55 UTC (History)
CC List:	6 users (show)
Fixed In Version:	crypto-policies-20220404-1.git845c0c1.el9
Doc Type:	No Doc Update
Doc Text:
Clone Of:
Clones:	2070923 (view as bug list)
Environment:
Last Closed:	2022-11-15 11:12:53 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Gitlab	redhat-crypto fedora-crypto-policies merge_requests 112	None	None	None	2022-03-30 16:58:22 UTC
Red Hat Issue Tracker	CRYPTO-3196	None	None	None	2022-03-30 19:10:23 UTC
Red Hat Issue Tracker	CRYPTO-7020	None	None	None	2022-04-04 12:45:19 UTC
Red Hat Issue Tracker	RHELPLAN-117370	None	None	None	2022-03-30 16:51:54 UTC
Red Hat Product Errata	RHBA-2022:8279	None	None	None	2022-11-15 11:13:01 UTC

Comment 13 Alexander Sosedkin 2022-04-13 12:51:59 UTC

*** Bug 2071546 has been marked as a duplicate of this bug. ***

Comment 15 Petr Menšík 2022-05-18 10:59:01 UTC

Note: bind follows crypto-policies by including configuration file "/etc/crypto-policies/back-ends/bind.config" from named.conf options section.

If SHA-1 names do not validate in your setup, ensure bind.config is included. Default shipped bind configuration file contains it already. Use it also in a custom configuration.

/etc/named.conf:

options {
# ...
    include "/etc/crypto-policies/back-ends/bind.config";
# ...
};

Comment 19 errata-xmlrpc 2022-11-15 11:12:53 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (crypto-policies bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:8279

Note You need to log in before you can comment on or make changes to this bug.