Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1335930 - Disable CA certificates with 1024-bit or less parameters
Summary: Disable CA certificates with 1024-bit or less parameters
Keywords:
Status: CLOSED DUPLICATE of bug 1367434
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ca-certificates
Version: 7.4
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Kai Engert (:kaie) (inactive account)
QA Contact: BaseOS QE Security Team
Mirek Jahoda
URL:
Whiteboard:
Depends On: rhel7-openssl1.0.2 1367484 1386616 1386848
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-05-13 14:44 UTC by Nikos Mavrogiannopoulos
Modified: 2017-07-04 09:15 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-03-01 11:43:27 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Bugzilla 1335928 None None None Never

Internal Links: 1335928

Description Nikos Mavrogiannopoulos 2016-05-13 14:44:38 UTC
RHEL includes several cryptographic components who's security doesn't remain constant over time. Algorithms such as (cryptographic) hashing and encryption typically have a lifetime after which they are considered either too risky to use or plain insecure. That would mean we need to phase out such algorithms from the default settings, or completely disable if they could cause irreparable issue. 


This bug is about disabling any CA certificates which utilize less than 1024-bit RSA parameters.

Comment 5 Kai Engert (:kaie) (inactive account) 2017-03-01 11:43:27 UTC
This bug seems equivalent to bug 1367434, marking as duplicate.

*** This bug has been marked as a duplicate of bug 1367434 ***


Note You need to log in before you can comment on or make changes to this bug.