Dmitry Belyavskiy
|
477d91adec
|
Rebasing to OpenSSL 3.0.7
Resolves: rhbz#2129063
|
2 years ago |
Dmitry Belyavskiy
|
f4e1bded66
|
Improve diagnostics when passing unsupported groups in TLS
Related: rhbz#2070197
|
3 years ago |
Dmitry Belyavskiy
|
8638196167
|
Ciphersuites with RSAPSK KX should be filterd in FIPS mode
Related: rhbz#2085088
|
3 years ago |
Dmitry Belyavskiy
|
b5de6bd830
|
In FIPS mode limit key sizes for signature verification
Resolves: rhbz#2077884
|
3 years ago |
Dmitry Belyavskiy
|
7bc4f9f094
|
Ciphersuites with RSA KX should be filterd in FIPS mode
Related: rhbz#2085088
|
3 years ago |
Dmitry Belyavskiy
|
b393177f7d
|
`openssl ecparam -list_curves` lists only FIPS-approved curves in FIPS mode
Resolves: rhbz#2083240
|
3 years ago |
Dmitry Belyavskiy
|
69c1abb4df
|
openssl req defaults on PKCS#8 encryption changed to AES-256-CBC
Resolves: rhbz#2063947
|
3 years ago |
Dmitry Belyavskiy
|
1b2d08b2c2
|
Adaptation of upstream patches disabling explicit EC parameters in FIPS mode
Resolves: rhbz#2058663
|
3 years ago |
Dmitry Belyavskiy
|
ad863e9fc8
|
OpenSSL FIPS module should not build in non-approved algorithms
Resolves: rhbz#2081378
|
3 years ago |
Dmitry Belyavskiy
|
02c75e5a65
|
We dont'want totally forbid RSA encryption.
Related: rhbz#2053289
|
3 years ago |
Dmitry Belyavskiy
|
7a1c7b28bc
|
FIPS provider doesn't block RSA encryption for key transport
Resolves: rhbz#2053289
|
3 years ago |
Dmitry Belyavskiy
|
922b5301ea
|
Adjust FIPS provider version
FIPS provider version is now autofilled from release and date
Related: rhbz#2026445
|
3 years ago |
Dmitry Belyavskiy
|
d237e7f301
|
Restoring fips=yes to SHA-1
Related: rhbz#2026445
|
3 years ago |
Dmitry Belyavskiy
|
cc37486d86
|
Minimize the list of services allowed for FIPS
Related: rhbz#2026445
|
3 years ago |