PR#232: Verify that the AES-128 is used for encrypting the local CA - - Pagure.io

Static archive. pagure.io was sunset in 2026; this is a read-only snapshot.

certmonger

#232 Verify that the AES-128 is used for encrypting the local CA

Merged Jan 6, 2022 by rcritten. Opened Nov 29, 2021 by rcritten.

rcritten/certmonger bz1950132 into master

Verify that the AES-128 is used for encrypting the local CA

Rob Crittenden • Jan 6, 2022

e840b623a60309fe9682670b4adbffc86975b740

Download 232.patch

rcritten commented Nov 29, 2021

OpenSSL by default used very old defaults, RC2-CBC and 3DES, for
encryption. This resulted in a credential that was unusable if
FIPS was enabled.

Both values are now hardcoded to AES-128-CBC so that it is both
more modern and will work in all situations. This tests that
nothing has changed.

Related: https://bugzilla.redhat.com/show_bug.cgi?id=1950132

Signed-off-by: Rob Crittenden rcritten@redhat.com

Metadata

Assignee

None

Tags

No Tags

Changes Summary 3

file changed

tests/026-local/expected.openssl1

file changed

tests/026-local/expected.openssl3

file changed

tests/026-local/run.sh

Static archive. pagure.io was sunset in 2026; this is a read-only snapshot.

Fedora is sponsored by Red Hat. Learn more about the relationship between Red Hat and Fedora »

© Red Hat, Inc. and others.