On 06/01/2021 08:03, Chris Adams wrote:
Once upon a time, Ed Greshko <ed.greshko@xxxxxxxxxxx> said:
On 06/01/2021 04:10, Chris Adams wrote:
See https://bugzilla.redhat.com/show_bug.cgi?id=1893581 and
https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2
In the second link, see the section on " Upgrade/compatibility impact"
Yeah, I see that, but I don't see what is wrong with
support.juniper.net. If I set the system policy to LEGACY and run
openssl s_client, I see:
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 6642 bytes and written 485 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
I can't see what is wrong; I think that all meets the policy. And
that's a problem with the single all-encompassing policy... except oh by
the way it isn't all-encompassing. Midori and Chromium both connect
just fine; so can gnutls-cli (I don't know of a corresponding NSS
client). So this appears to stop OpenSSL and NSS but not GnuTLS.
Off to file a bug, against crypto-policies I guess to start.
Well, I don't know why you'd do that.
I just did "sudo update-crypto-policies --set LEGACY" on an F33 system, restarted the system as
suggested, and I was able to access that site just fine.
---
The key to getting good answers is to ask good questions.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
