Richard W.M. Jones <rjones@xxxxxxxxxx> wrote:
> I somehow thought that loading the legacy provider would be the same as the LEGACY crypto policy, except just for Python 2.7 rather than for the entire system.
It’s a common misconception. So common that I recently wrote a blog post to explain the difference: https://www.redhat.com/en/blog/legacy-cryptography-fedora-36-and-red-hat-enterprise-linux-9
> Setting the whole system crypto-policy to LEGACY (and reverting the code for loading the legacy provider) fixes almost everything.
Thanks for testing and confirming that. In that case, it’s really just a case of running the test with a separate OpenSSL configuration file that applies weaker defaults.

HTH,
Clemens

-- 
Clemens Lang
RHEL Crypto Team
Red Hat
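
Added example, not part of the original message or of any Fedora package: one way to run a single test command under a private OpenSSL configuration, so the weaker defaults apply to that process only instead of the whole system. The function names, the file name and the `SECLEVEL`/`MinProtocol` values are assumptions; the thread does not say which defaults the tests need.

```shell
# write_legacy_test_conf DIR: write a private OpenSSL config into DIR, print its path.
write_legacy_test_conf() {
    conf="$1/openssl-legacy-test.cnf"   # hypothetical file name
    cat > "$conf" <<'EOF'
openssl_conf = openssl_init

[openssl_init]
providers = provider_sect
ssl_conf = ssl_module

[provider_sect]
default = default_sect
legacy = legacy_sect

[default_sect]
activate = 1

# Legacy provider: only makes extra algorithms (MD4, RC4, ...) available.
[legacy_sect]
activate = 1

[ssl_module]
system_default = tls_defaults

# Weaker TLS defaults; assumed values, tighten to the minimum the tests need.
[tls_defaults]
CipherString = DEFAULT:@SECLEVEL=0
MinProtocol = TLSv1
EOF
    printf '%s\n' "$conf"
}

# run_with_legacy_conf CMD [ARGS...]: run CMD with OPENSSL_CONF set to the
# private config. The variable is set for CMD only, and the file is removed after.
run_with_legacy_conf() {
    dir=$(mktemp -d) || return 1
    conf=$(write_legacy_test_conf "$dir") || return 1
    rc=0
    OPENSSL_CONF="$conf" "$@" || rc=$?
    rm -rf "$dir"
    return "$rc"
}
```

Because `OPENSSL_CONF` replaces the default configuration file for that process, the system-wide crypto policy setting stays untouched.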