Commit - rpms/openssl - efdb8c60a369cdf4600c747a533c1e60a28a1d9c

    Allow MD5-SHA1 in LEGACY c-p to fix TLS 1.0
    
    Fedora supports TLS down to 1.0 in LEGACY crypto-policy, but TLS 1.0
    defaults to rsa_pkcs1_md5_sha1 with RSA certificates by default.
    However, MD5-SHA1 would require SECLEVEL=0, because its 67 bits of
    security do not meet SECLEVEL=1's requirement of 80 bits.
    
    Instead of setting SECLEVEL to 0 in the LEGACY crypto-policy (which
    would include all algorithms, regardless of their security level), allow
    MD5-SHA1 if rh-allow-sha1-signatures is yes and SECLEVEL is 1.
    
    Related: rhbz#2069239

Fedora CI - scratch build
success

Package tests for efdb8c60: passed
2 years ago
Zuul
success

Jobs result is success
2 years ago
Fedora CI - dist-git test
success

Package tests for efdb8c60: passed
2 years ago
Build completed
success

Built as openssl-1:3.0.2-4.fc37
2 years ago
Build completed
success

Built as openssl-1:3.0.2-4.eln117
2 years ago

0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch

file modified

+30 -26

0053-Add-SHA1-probes.patch

file modified

+50 -47

openssl.spec

file modified

+5 -0

rpms / openssl

Source Code

efdb8c6 Allow MD5-SHA1 in LEGACY c-p to fix TLS 1.0

Authored and Committed by clang 2 years ago

`efdb8c6` Allow MD5-SHA1 in LEGACY c-p to fix TLS 1.0