[prev in list] [next in list] [prev in thread] [next in thread]
List: centos-devel
Subject: Re: [CentOS-devel] Question on absence of SHA1 in OpenSSL 3.0/Centos 9 stream.
From: Josh Boyer <jwboyer () redhat ! com>
Date: 2022-07-25 14:43:24
Message-ID: CANyg3Hgvu1kqMvk1vCg8rqKhnTGwrbTU-UEJaRNkQDP2ByFxjA () mail ! gmail ! com
[Download RAW message or body]
On Mon, Jul 25, 2022 at 8:12 AM Nickolay Olshevsky <o.nickolay@gmail.com> wrote:
>
> Hi,
>
> Having SHA1 support removed from the OpenSSL in Centos 9 stream, it is
> still displayed in the list of supported digest, via CLI `openssl dgst
> -list` and via library API calls like `EVP_get_digestbyname()` and
> `EVP_MD_do_all_sorted()`.
>
> However, in some cases it would be desirable to know whether particular
> OpenSSL installation supports SHA1.
>
> So, the question - is it done this way by intention and I should look
> for some workaround, or it is something to get fixed in further package
> updates?
In RHEL and CentOS Stream, this is largely done via the
crypto-policies package. You will likely find this section relevant
to your question:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/consider \
ations_in_adopting_rhel_9/assembly_security_considerations-in-adopting-rhel-9#ref_considerations-security-crypto_changes-to-security
josh
_______________________________________________
CentOS-devel mailing list
CentOS-devel@centos.org
https://lists.centos.org/mailman/listinfo/centos-devel
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic