Bug 2296273 - Make OpenSSL distrust SHA-1 signatures by default
Summary: Make OpenSSL distrust SHA-1 signatures by default
Keywords:
Status: ON_QA
Alias: None
Product: Fedora
Classification: Fedora
Component: Changes Tracking
Version: rawhide
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Alexander Sosedkin
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: F41Changes 2301344
TreeView+ depends on / blocked
 
Reported: 2024-07-08 11:52 UTC by Aoife Moloney
Modified: 2024-10-03 10:24 UTC (History)
1 user (show)

Fixed In Version: crypto-policies-20240717-1.git154fd4e.fc41
Clone Of:
Environment:
Last Closed:
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Aoife Moloney 2024-07-08 11:52:09 UTC 
This is a tracking bug for Change: Make OpenSSL distrust SHA-1 signatures by default
For more details, see: https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer

OpenSSL will no longer trust cryptographic signatures using SHA-1 by default, starting from Fedora 41.

If you encounter a bug related to this Change, please do not comment here. Instead create a new bug and set it to block this bug.
Comment 1 Aoife Moloney 2024-08-21 13:39:44 UTC 
Hi @asosedki, do you have an update on this change? Its due to be code complete before we enter Beta freeze next Tuesday 27th august. Is this still on track for F41, or do you need to re-target to F42?

Thanks,
Aoife
Comment 2 Alexander Sosedkin 2024-08-21 13:49:22 UTC 
The change has been implemented and landed in f41 rawhide in July; the first build that contains it is crypto-policies-20240717-1.git154fd4e.fc41
Comment 3 Aoife Moloney 2024-08-21 14:01:00 UTC 
Amazing, thank you very much Aleksander! And thank you for adjusting the bug status too, much appreciated.
Comment 4 Aoife Moloney 2024-08-26 17:04:22 UTC 
Updating bug status to reflect the change is complete.
Note You need to log in before you can comment on or make changes to this bug.