Author cstratak
Recipients asvetlov, cstratak, yselivanov
Date 2018-11-30.14:28:46
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1543588126.21.0.788709270274.issue35352@psf.upfronthosting.co.za>
In-reply-to
Content
It seems I can reproduce it on Fedora as well by setting stronger crypto defaults through 'update-crypto-policies --set FUTURE'.

Repo located here: https://gitlab.com/redhat-crypto/fedora-crypto-policies/tree/master

The changes are many, but if I compare with RHEL8, the minimal changes that could affect it are:

-# DH params size: >= 1023
+# DH params size: >= 2048

-# TLS protocols: TLS >= 1.0
+# TLS protocols: TLS >= 1.2, DTLS >= 1.2

-@protocol_list = ('TLS1.3', 'TLS1.2', 'TLS1.1', 'TLS1.0', 'DTLS1.2', 'DTLS1.0');
+@protocol_list = ('TLS1.3', 'TLS1.2', 'DTLS1.2');

- $min_tls_version = 'TLS1.0';
- min_dtls_version = 'DTLS1.0';
+ $min_tls_version = 'TLS1.2';
+ $min_dtls_version = 'DTLS1.2';

# Parameter sizes
- $min_dh_size = 1023;
+ $min_dh_size = 2048;
History
Date User Action Args
2018-11-30 14:28:46cstrataksetrecipients: + cstratak, asvetlov, yselivanov
2018-11-30 14:28:46cstrataksetmessageid: <1543588126.21.0.788709270274.issue35352@psf.upfronthosting.co.za>
2018-11-30 14:28:46cstrataklinkissue35352 messages
2018-11-30 14:28:46cstratakcreate