Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

crypto-policies-20250124.4d262e7-2.1 RPM for noarch

From OpenSuSE Tumbleweed for noarch

Name: crypto-policies Distribution: openSUSE Tumbleweed
Version: 20250124.4d262e7 Vendor: openSUSE
Release: 2.1 Build date: Thu Mar 27 11:37:18 2025
Group: Productivity/Networking/Security Build host: reproducible
Size: 137330 Source RPM: crypto-policies-20250124.4d262e7-2.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://gitlab.com/redhat-crypto/fedora-crypto-policies
Summary: System-wide crypto policies
 
This package provides pre-built configuration files with
cryptographic policies for various cryptographic back-ends,
such as SSL/TLS libraries.

Provides

Requires

License

LGPL-2.1-or-later

Changelog

* Thu Mar 27 2025 Pedro Monreal <pmonreal@suse.com>
  - Relax the nss version requirement since the mlkem768secp256r1
    enablement has been reverted.
* Tue Mar 18 2025 Pedro Monreal <pmonreal@suse.com>
  - Allow sshd in FIPS mode when using the DEFAULT policy [bsc#1227370]
    * Add crypto-policies-Allow-sshd-in-FIPS-mode-using-DEFAULT.patch
* Tue Mar 11 2025 Pedro Monreal <pmonreal@suse.com>
  - Enable SHA1 sigver in the DEFAULT policy.
    * Add crypto-policies-enable-SHA1-sigver-in-DEFAULT.patch
* Fri Feb 28 2025 Pedro Monreal <pmonreal@suse.com>
  - Fix fips-mode-setup in EFI or Secure Boot mode. [bsc#1227637]
    * Rebase crypto-policies-FIPS.patch
* Wed Feb 12 2025 Pedro Monreal <pmonreal@suse.com>
  - Remove dangling symlink for the libreswan config [bsc#1236858]
  - Remove also sequoia config and generator files
  - Remove not needed fips bind mount service
* Tue Feb 04 2025 Pedro Monreal <pmonreal@suse.com>
  - Update to version 20250124.4d262e7: [bsc#1239009, bsc#1236165]
    * openssl: stricter enabling of Ciphersuites
    * openssl: make use of -CBC and -AESGCM keywords
    * openssl: add TLS 1.3 Brainpool identifiers
    * fix warning on using experimental key_exchanges
    * update-crypto-policies: don't output FIPS warning in fips mode
    * openssh: map mlkem768x25519-sha256 to KEM-ECDH & MLKEM768-X25519 & SHA2-256
    * openssh, libssh: refactor kx maps to use tuples
    * alg_lists: mark MLKEM768/SNTRUP kex experimental
    * nss: revert enabling mlkem768secp256r1
    * nss: add mlkem768x25519 and mlkem768secp256r1, remove xyber
    * gnutls: add GROUP-X25519-MLKEM768 and GROUP-SECP256R1-MLKEM768
    * openssl: use both names for SecP256r1MLKEM768 / X25519MLKEM768
    * openssh, TEST-PQ: rename MLKEM key_exchange to MLKEM768
    * openssh: add support for sntrup761x25519-sha512 and mlkem768x25519-sha256
    * openssl: map NULL to TLS_SHA256_SHA256:TLS_SHA384_SHA384...
    * python/update-crypto-policies: pacify pylint
    * fips-mode-setup: tolerate fips dracut module presence w/o FIPS
    * fips-mode-setup: small Argon2 detection fix
    * SHA1: add __openssl_block_sha1_signatures = 0
    * fips-mode-setup: block if LUKS devices using Argon2 are detected
    * update-crypto-policies: skip warning on --set=FIPS if bootc
    * fips-setup-helper: skip warning, BTW
    * fips-mode-setup: force --no-bootcfg when UKI is detected
    * fips-setup-helper: add a libexec helper for anaconda
    * fips-crypto-policy-overlay: automount FIPS policy
    * openssh: make dss no longer enableble, support is dropped
    * gnutls: wire GROUP-X25519-KYBER768 to X25519-KYBER768
    * DEFAULT: switch to rh-allow-sha1-signatures = no...
    * java: drop unused javasystem backend
    * java: stop specifying jdk.tls.namedGroups in javasystem
    * ec_min_size: introduce and use in java, default to 256
    * java: use and include jdk.disabled.namedCurves
    * BSI: Update BSI policy for new 2024 minimum recommendations
    * fips-mode-setup: flashy ticking warning upon use
    * fips-mode-setup: add another scary "unsupported"
    * CONTRIBUTING.md: add a small section on updating policies
    * CONTRIBUTING.md: remove trailing punctuation from headers
    * BSI: switch to 3072 minimum RSA key size
    * java: make hash, mac and sign more orthogonal
    * java: specify jdk.tls.namedGroups system property
    * java: respect more key size restrictions
    * java: disable anon ciphersuites, tying them to NULL...
    * java: start controlling / disable DTLSv1.0
    * nss: wire KYBER768 to XYBER768D00
    * nss: unconditionally load p11-kit-proxy.so
    * gnutls: make DTLS0.9 controllable again
    * gnutls: retire GNUTLS_NO_TLS_SESSION_HASH
    * openssh: remove OPENSSH_MIN_RSA_SIZE / OPENSSH_MIN_RSA_SIZE_FORCE
    * gnutls: remove extraneous newline
    * sequoia: move away from subprocess.getstatusoutput
    * python/cryptopolicies/cryptopolicies.py: add trailing commas
    * python, tests: rename MalformedLine to MalformedLineError
    * Makefile: introduce SKIP_LINTING flag for packagers to use
    * Makefile: run ruff
    * tests: use pathlib
    * tests: run(check=True) + CalledProcessError where convenient
    * tests: use subprocess.run
    * tests/krb5.py: check all generated policies
    * tests: print to stderr on error paths
    * tests/nss.py: also use encoding='utf-8'
    * tests/nss.py: also use removesuffix
    * tests/nss.py: skip creating tempfiles
    * tests/java.pl -> tests/java.py
    * tests/gnutls.pl -> tests/gnutls.py
    * tests/openssl.pl -> tests/openssl.py
    * tests/verify-output.pl: remove
    * libreswan: do not use up pfs= / ikev2= keywords for default behaviour
    * Rebase patches:
    - crypto-policies-no-build-manpages.patch
    - crypto-policies-policygenerators.patch
    - crypto-policies-supported.patch
    - crypto-policies-nss.patch
* Wed Nov 06 2024 Pedro Monreal <pmonreal@suse.com>
  - Update to version 20241010.5930b9a:
    * LEGACY: enable 192-bit ciphers for nss pkcs12/smime
    * nss: be stricter with new purposes
    * nss: rewrite backend for 3.101
    * cryptopolicies: parent scopes for dumping purposes
    * policygenerators: move scoping inside generators
    * TEST-PQ: disable pure Kyber768
    * nss: wire XYBER768D00 to X25519-KYBER768
    * TEST-PQ: update
    * TEST-PQ: also enable sntrup761x25519-sha512@openssh.com
    * TEST-PQ, alg_lists, openssl: enable more experimental `sign` values
    * TEST-PQ, python: add more groups, mark experimental
    * openssl: mark liboqsprovider groups optional with ?
    * Remove patches:
    - crypto-policies-revert-rh-allow-sha1-signatures.patch
* Tue Feb 06 2024 Pedro Monreal <pmonreal@suse.com>
  - Update to version 20240201.9f501f3:
    * .gitlab-ci.yml: install sequoia-policy-config
    * java: disable ChaCha20-Poly1305 where applicable
    * fips-mode-setup: make sure ostree is detected in chroot
    * fips-finish-install: make sure ostree is detected in chroot
    * TEST-PQ: enable X25519-KYBER768 / P384-KYBER768 for openssl
    * TEST-PQ: add a no-op subpolicy
    * update-crypto-policies: Keep mid-sentence upper case
    * fips-mode-setup: Write error messages to stderr
    * fips-mode-setup: Fix some shellcheck warnings
    * fips-mode-setup: Fix test for empty /boot
    * fips-mode-setup: Avoid 'boot=UUID=' if /boot == /
    * Update man pages
    * Rebase patches:
    - crypto-policies-FIPS.patch
    - crypto-policies-revert-rh-allow-sha1-signatures.patch
* Fri Feb 02 2024 Pedro Monreal <pmonreal@suse.com>
  - Update to version 20231108.adb5572b:
    * Print matches in syntax deprecation warnings
    * Restore support for scoped ssh_etm directives
    * fips-mode-setup: Fix usage with --no-bootcfg
    * turn ssh_etm into an etm@SSH tri-state
    * fips-mode-setup: increase chroot-friendliness
    * bind: fix a typo that led to duplication of ECDSAPxxxSHAxxx
    * pylintrc: use-implicit-booleaness-not-comparison-to-*
* Tue Jan 30 2024 Dirk Müller <dmueller@suse.com>
  - avoid the cycle rpm/cmake/crypto-policies/python-rpm-macros:
    we only need python3-base here, we don't need the python
    macros as no module is being built
* Thu Oct 05 2023 Daniel Garcia <daniel.garcia@suse.com>
  - Remove dependency on /usr/bin/python3, making scripts to depends on
    the real python3 binary, not the link. bsc#1212476
* Wed Sep 27 2023 Pedro Monreal <pmonreal@suse.com>
  - nss: Skip the NSS policy check if the mozilla-nss-tools package
    is not installed. This avoids adding more dependencies in ring0.
    * Add crypto-policies-nss.patch [bsc#1211301]
* Fri Sep 22 2023 Pedro Monreal <pmonreal@suse.com>
  - Update to version 20230920.570ea89:
    * fips-mode-setup: more thorough --disable, still unsupported
    * FIPS:OSPP: tighten beyond reason for OSPP 4.3
    * krb5: sort enctypes mac-first, cipher-second, prioritize SHA-2 ones
    * openssl: implement relaxing EMS in FIPS (NO-ENFORCE-EMS)
    * gnutls: prepare for tls-session-hash option coming
    * nss: prepare for TLS-REQUIRE-EMS option coming
    * NO-ENFORCE-EMS: add subpolicy
    * FIPS: set __ems = ENFORCE
    * cryptopolicies: add enums and __ems tri-state
    * docs: replace `FIPS 140-2` with just `FIPS 140`
    * .gitlab-ci: remove forcing OPENSSH_MIN_RSA_SIZE
    * cryptopolicies: add comments on dunder options
    * nss: retire NSS_OLD and replace with NSS_LAX 3.80 check
    * BSI: start a BSI TR 02102 policy [jsc#PED-4933]
    * Rebase patches:
    - crypto-policies-policygenerators.patch
    - crypto-policies-revert-rh-allow-sha1-signatures.patch
    - crypto-policies-FIPS.patch
* Fri Sep 15 2023 Pedro Monreal <pmonreal@suse.com>
  - Conditionally recommend the crypto-policies-scripts package
    when python is not installed in the system [bsc#1215201]
* Thu Aug 31 2023 Pedro Monreal <pmonreal@suse.com>
  - Tests: Fix pylint versioning for TW and fix the parsing of the
    policygenerators to account for the commented lines correctly.
    * Add crypto-policies-pylint.patch
    * Rebase crypto-policies-policygenerators.patch
* Tue Aug 01 2023 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Adapt the fips-mode-setup script to use the pbl command
    from the perl-Bootloader package to replace grubby. Add a note
    for transactional systems [jsc#PED-5041].
    * Rebase crypto-policies-FIPS.patch
* Fri Jul 14 2023 Marcus Meissner <meissner@suse.com>
  - BSI.pol: Added a new BSI policy for BSI TR 02102* (jsc#PED-4933)
    derived from NEXT.pol
* Thu Jul 13 2023 Pedro Monreal <pmonreal@suse.com>
  - Update to version 20230614.5f3458e:
    * policies: impose old OpenSSL groups order for all back-ends
    * Rebase patches:
    - crypto-policies-revert-rh-allow-sha1-signatures.patch
    - crypto-policies-supported.patch
* Thu May 25 2023 Pedro Monreal <pmonreal@suse.com>
  - FIPS: Enable to set the kernel FIPS mode with fips-mode-setup
    and fips-finish-install commands, add also the man pages. The
    required FIPS modules are left to be installed by the user.
    * Rebase crypto-policies-FIPS.patch
* Wed May 24 2023 Pedro Monreal <pmonreal@suse.com>
  - Revert a breaking change that introduces the config option
    rh-allow-sha1-signatures that is unkown to OpenSSL and fails
    on startup. We will consider adding this option to openssl.
    * https://gitlab.com/redhat-crypto/fedora-crypto-policies/-/commit/97fe4494
    * Add crypto-policies-revert-rh-allow-sha1-signatures.patch
* Mon May 08 2023 Pedro Monreal <pmonreal@suse.com>
  - Update the update-crypto-policies(8) man pages and README.SUSE
    to mention the supported back-end policies. [bsc#1209998]
    * Add crypto-policies-supported.patch
* Mon May 08 2023 Pedro Monreal <pmonreal@suse.com>
  - Update to version 20230420.3d08ae7:
    * openssl, alg_lists: add brainpool support
    * openssl: set Groups explicitly
    * codespell: ignore aNULL
    * rpm-sequoia: allow 1024 bit DSA and SHA-1 per FeSCO decision 2960
    * sequoia: add separate rpm-sequoia backend
    * crypto-policies.7: state upfront that FUTURE is not so interoperable
    * Makefile: update for asciidoc 10
    * Skip not needed LibreswanGenerator and SequoiaGenerator:
    - Add crypto-policies-policygenerators.patch
    * Remove crypto-policies-test_supported_modules_only.patch
    * Rebase crypto-policies-no-build-manpages.patch
* Fri Jan 20 2023 Pedro Monreal <pmonreal@suse.com>
  - Update to version 20221214.a4c31a3:
    * bind: expand the list of disableable algorithms
    * libssh: Add support for openssh fido keys
    * .gitlab-ci.yml: install krb5-devel for krb5-config
    * sequoia: check using sequoia-policy-config-check
    * sequoia: introduce new back-end
    * Makefile: support overriding asciidoc executable name
    * openssh: make none and auto explicit and different
    * openssh: autodetect and allow forcing RequiredRSASize presence/name
    * openssh: remove _pre_8_5_ssh
    * pylintrc: update
    * Revert "disable SHA-1 further for a Fedora 38 Rawhide "jump scare"..."
    * disable SHA-1 further for a Fedora 38 Rawhide "jump scare"...
    * Makefile: exclude built manpages from codespell
    * add openssh HostbasedAcceptedAlgorithms
    * openssh: add RSAMinSize option following min_rsa_size
    * Revert ".gitlab-ci.yml: skip pylint (bz2069837)"
    * docs: add customization recommendation
    * tests/java: fix java.security.disableSystemPropertiesFile=true
    * policies: add FEDORA38 and TEST-FEDORA39
    * bind: control ED25519/ED448
    * openssl: disable SHA-1 signatures in FUTURE/NO-SHA1
    * .gitlab-ci.yml: skip pylint (bz2069837)
    * openssh: add support for sntrup761x25519-sha512@openssh.com
    * fips-mode-setup: fix one unrelated check to intended state
    * fips-mode-setup, fips-finish-install: abandon /etc/system-fips
    * Makefile: fix alt-policy test of LEGACY:AD-SUPPORT
    * fips-mode-setup: catch more inconsistencies, clarify --check
    * fips-mode-setup: improve handling FIPS plus subpolicies
    * .gitlab-ci.yml: use rawhide so that we get gnutls 3.7.3
    * gnutls: enable SHAKE, needed for Ed448
    * gnutls: use allowlisting
    * openssl: add newlines at the end of the output
    * FIPS:OSPP: relax -ECDSA-SHA2-512, -FFDHE-*
    * fips-mode-setup, fips-finish-install: call zipl more often
    * Add crypto-policies-rpmlintrc file to avoid files-duplicate,
      zero-length and non-conffile-in-etc warnings.
    * Rebase patches:
    - crypto-policies-FIPS.patch
    - crypto-policies-no-build-manpages.patch
    * Update README.SUSE

Files

/etc/crypto-policies
/etc/crypto-policies/README.SUSE
/etc/crypto-policies/back-ends
/etc/crypto-policies/back-ends/bind.config
/etc/crypto-policies/back-ends/gnutls.config
/etc/crypto-policies/back-ends/java.config
/etc/crypto-policies/back-ends/krb5.config
/etc/crypto-policies/back-ends/libssh.config
/etc/crypto-policies/back-ends/nss.config
/etc/crypto-policies/back-ends/openssh.config
/etc/crypto-policies/back-ends/opensshserver.config
/etc/crypto-policies/back-ends/openssl.config
/etc/crypto-policies/back-ends/openssl_fips.config
/etc/crypto-policies/back-ends/opensslcnf.config
/etc/crypto-policies/config
/etc/crypto-policies/local.d
/etc/crypto-policies/policies
/etc/crypto-policies/policies/modules
/etc/crypto-policies/state
/etc/crypto-policies/state/CURRENT.pol
/etc/crypto-policies/state/current
/usr/share/crypto-policies
/usr/share/crypto-policies/BSI
/usr/share/crypto-policies/BSI/bind.txt
/usr/share/crypto-policies/BSI/gnutls.txt
/usr/share/crypto-policies/BSI/java.txt
/usr/share/crypto-policies/BSI/krb5.txt
/usr/share/crypto-policies/BSI/libssh.txt
/usr/share/crypto-policies/BSI/nss.txt
/usr/share/crypto-policies/BSI/openssh.txt
/usr/share/crypto-policies/BSI/opensshserver.txt
/usr/share/crypto-policies/BSI/openssl.txt
/usr/share/crypto-policies/BSI/openssl_fips.txt
/usr/share/crypto-policies/BSI/opensslcnf.txt
/usr/share/crypto-policies/DEFAULT
/usr/share/crypto-policies/DEFAULT/bind.txt
/usr/share/crypto-policies/DEFAULT/gnutls.txt
/usr/share/crypto-policies/DEFAULT/java.txt
/usr/share/crypto-policies/DEFAULT/krb5.txt
/usr/share/crypto-policies/DEFAULT/libssh.txt
/usr/share/crypto-policies/DEFAULT/nss.txt
/usr/share/crypto-policies/DEFAULT/openssh.txt
/usr/share/crypto-policies/DEFAULT/opensshserver.txt
/usr/share/crypto-policies/DEFAULT/openssl.txt
/usr/share/crypto-policies/DEFAULT/openssl_fips.txt
/usr/share/crypto-policies/DEFAULT/opensslcnf.txt
/usr/share/crypto-policies/EMPTY
/usr/share/crypto-policies/EMPTY/bind.txt
/usr/share/crypto-policies/EMPTY/gnutls.txt
/usr/share/crypto-policies/EMPTY/java.txt
/usr/share/crypto-policies/EMPTY/krb5.txt
/usr/share/crypto-policies/EMPTY/libssh.txt
/usr/share/crypto-policies/EMPTY/nss.txt
/usr/share/crypto-policies/EMPTY/openssh.txt
/usr/share/crypto-policies/EMPTY/opensshserver.txt
/usr/share/crypto-policies/EMPTY/openssl.txt
/usr/share/crypto-policies/EMPTY/openssl_fips.txt
/usr/share/crypto-policies/EMPTY/opensslcnf.txt
/usr/share/crypto-policies/FIPS
/usr/share/crypto-policies/FIPS/bind.txt
/usr/share/crypto-policies/FIPS/gnutls.txt
/usr/share/crypto-policies/FIPS/java.txt
/usr/share/crypto-policies/FIPS/krb5.txt
/usr/share/crypto-policies/FIPS/libssh.txt
/usr/share/crypto-policies/FIPS/nss.txt
/usr/share/crypto-policies/FIPS/openssh.txt
/usr/share/crypto-policies/FIPS/opensshserver.txt
/usr/share/crypto-policies/FIPS/openssl.txt
/usr/share/crypto-policies/FIPS/openssl_fips.txt
/usr/share/crypto-policies/FIPS/opensslcnf.txt
/usr/share/crypto-policies/FUTURE
/usr/share/crypto-policies/FUTURE/bind.txt
/usr/share/crypto-policies/FUTURE/gnutls.txt
/usr/share/crypto-policies/FUTURE/java.txt
/usr/share/crypto-policies/FUTURE/krb5.txt
/usr/share/crypto-policies/FUTURE/libssh.txt
/usr/share/crypto-policies/FUTURE/nss.txt
/usr/share/crypto-policies/FUTURE/openssh.txt
/usr/share/crypto-policies/FUTURE/opensshserver.txt
/usr/share/crypto-policies/FUTURE/openssl.txt
/usr/share/crypto-policies/FUTURE/openssl_fips.txt
/usr/share/crypto-policies/FUTURE/opensslcnf.txt
/usr/share/crypto-policies/LEGACY
/usr/share/crypto-policies/LEGACY/bind.txt
/usr/share/crypto-policies/LEGACY/gnutls.txt
/usr/share/crypto-policies/LEGACY/java.txt
/usr/share/crypto-policies/LEGACY/krb5.txt
/usr/share/crypto-policies/LEGACY/libssh.txt
/usr/share/crypto-policies/LEGACY/nss.txt
/usr/share/crypto-policies/LEGACY/openssh.txt
/usr/share/crypto-policies/LEGACY/opensshserver.txt
/usr/share/crypto-policies/LEGACY/openssl.txt
/usr/share/crypto-policies/LEGACY/openssl_fips.txt
/usr/share/crypto-policies/LEGACY/opensslcnf.txt
/usr/share/crypto-policies/back-ends
/usr/share/crypto-policies/back-ends/BSI
/usr/share/crypto-policies/back-ends/BSI/bind.config
/usr/share/crypto-policies/back-ends/BSI/gnutls.config
/usr/share/crypto-policies/back-ends/BSI/java.config
/usr/share/crypto-policies/back-ends/BSI/krb5.config
/usr/share/crypto-policies/back-ends/BSI/libssh.config
/usr/share/crypto-policies/back-ends/BSI/nss.config
/usr/share/crypto-policies/back-ends/BSI/openssh.config
/usr/share/crypto-policies/back-ends/BSI/opensshserver.config
/usr/share/crypto-policies/back-ends/BSI/openssl.config
/usr/share/crypto-policies/back-ends/BSI/openssl_fips.config
/usr/share/crypto-policies/back-ends/BSI/opensslcnf.config
/usr/share/crypto-policies/back-ends/DEFAULT
/usr/share/crypto-policies/back-ends/DEFAULT/bind.config
/usr/share/crypto-policies/back-ends/DEFAULT/gnutls.config
/usr/share/crypto-policies/back-ends/DEFAULT/java.config
/usr/share/crypto-policies/back-ends/DEFAULT/krb5.config
/usr/share/crypto-policies/back-ends/DEFAULT/libssh.config
/usr/share/crypto-policies/back-ends/DEFAULT/nss.config
/usr/share/crypto-policies/back-ends/DEFAULT/openssh.config
/usr/share/crypto-policies/back-ends/DEFAULT/opensshserver.config
/usr/share/crypto-policies/back-ends/DEFAULT/openssl.config
/usr/share/crypto-policies/back-ends/DEFAULT/openssl_fips.config
/usr/share/crypto-policies/back-ends/DEFAULT/opensslcnf.config
/usr/share/crypto-policies/back-ends/FIPS
/usr/share/crypto-policies/back-ends/FIPS/bind.config
/usr/share/crypto-policies/back-ends/FIPS/gnutls.config
/usr/share/crypto-policies/back-ends/FIPS/java.config
/usr/share/crypto-policies/back-ends/FIPS/krb5.config
/usr/share/crypto-policies/back-ends/FIPS/libssh.config
/usr/share/crypto-policies/back-ends/FIPS/nss.config
/usr/share/crypto-policies/back-ends/FIPS/openssh.config
/usr/share/crypto-policies/back-ends/FIPS/opensshserver.config
/usr/share/crypto-policies/back-ends/FIPS/openssl.config
/usr/share/crypto-policies/back-ends/FIPS/openssl_fips.config
/usr/share/crypto-policies/back-ends/FIPS/opensslcnf.config
/usr/share/crypto-policies/back-ends/FUTURE
/usr/share/crypto-policies/back-ends/FUTURE/bind.config
/usr/share/crypto-policies/back-ends/FUTURE/gnutls.config
/usr/share/crypto-policies/back-ends/FUTURE/java.config
/usr/share/crypto-policies/back-ends/FUTURE/krb5.config
/usr/share/crypto-policies/back-ends/FUTURE/libssh.config
/usr/share/crypto-policies/back-ends/FUTURE/nss.config
/usr/share/crypto-policies/back-ends/FUTURE/openssh.config
/usr/share/crypto-policies/back-ends/FUTURE/opensshserver.config
/usr/share/crypto-policies/back-ends/FUTURE/openssl.config
/usr/share/crypto-policies/back-ends/FUTURE/openssl_fips.config
/usr/share/crypto-policies/back-ends/FUTURE/opensslcnf.config
/usr/share/crypto-policies/back-ends/LEGACY
/usr/share/crypto-policies/back-ends/LEGACY/bind.config
/usr/share/crypto-policies/back-ends/LEGACY/gnutls.config
/usr/share/crypto-policies/back-ends/LEGACY/java.config
/usr/share/crypto-policies/back-ends/LEGACY/krb5.config
/usr/share/crypto-policies/back-ends/LEGACY/libssh.config
/usr/share/crypto-policies/back-ends/LEGACY/nss.config
/usr/share/crypto-policies/back-ends/LEGACY/openssh.config
/usr/share/crypto-policies/back-ends/LEGACY/opensshserver.config
/usr/share/crypto-policies/back-ends/LEGACY/openssl.config
/usr/share/crypto-policies/back-ends/LEGACY/openssl_fips.config
/usr/share/crypto-policies/back-ends/LEGACY/opensslcnf.config
/usr/share/crypto-policies/default-config
/usr/share/crypto-policies/policies
/usr/share/crypto-policies/policies/BSI.pol
/usr/share/crypto-policies/policies/DEFAULT.pol
/usr/share/crypto-policies/policies/EMPTY.pol
/usr/share/crypto-policies/policies/FEDORA40.pol
/usr/share/crypto-policies/policies/FIPS.pol
/usr/share/crypto-policies/policies/FUTURE.pol
/usr/share/crypto-policies/policies/GOST-ONLY.pol
/usr/share/crypto-policies/policies/LEGACY.pol
/usr/share/crypto-policies/policies/NEXT.pol
/usr/share/crypto-policies/policies/TEST-FEDORA41.pol
/usr/share/crypto-policies/policies/modules
/usr/share/crypto-policies/policies/modules/AD-SUPPORT.pmod
/usr/share/crypto-policies/policies/modules/ECDHE-ONLY.pmod
/usr/share/crypto-policies/policies/modules/GOST.pmod
/usr/share/crypto-policies/policies/modules/NO-CAMELLIA.pmod
/usr/share/crypto-policies/policies/modules/NO-ENFORCE-EMS.pmod
/usr/share/crypto-policies/policies/modules/NO-SHA1.pmod
/usr/share/crypto-policies/policies/modules/OSPP.pmod
/usr/share/crypto-policies/policies/modules/SHA1.pmod
/usr/share/crypto-policies/policies/modules/TEST-PQ.pmod
/usr/share/crypto-policies/reload-cmds.sh
/usr/share/doc/packages/crypto-policies
/usr/share/doc/packages/crypto-policies/CONTRIBUTING.md
/usr/share/doc/packages/crypto-policies/README.md
/usr/share/licenses/crypto-policies
/usr/share/licenses/crypto-policies/COPYING.LESSER
/usr/share/man/man7/crypto-policies.7.gz

Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Apr 5 23:25:09 2025