Let's see here, the following Red Hat article shows how you can display
what the requirements are for each crypto policy using gnutls-utils and
httpd. Here we are interested in what the requirements are when you execute

update-crypto-policies --set LEGACY

Follow the server recipe in the article using Alma 9. Then we can see
where EL7 is diverging from what Alma 9 wants.

See: https://access.redhat.com/articles/3666211

According to RH, LEGACY should ensure maximum compatibility with Red
Hat Enterprise Linux 5 and earlier; it is less secure due to an
increased attack surface. In addition to the DEFAULT level algorithms and
protocols, it includes support for the TLS 1.0 and 1.1 protocols. The
algorithms DSA, 3DES, and RC4 are allowed, while RSA keys and
Diffie-Hellman parameters are accepted if they are at least 1023 bits
long.

This may not be the case in Alma 9 so let's find out.

Andy


On Wed, 31 May 2023, Adrian Sevcenco wrote:

> @bbockelm yeah, I did not get it but it makes sense. So I did as you suggested, rebooted the machine and the error is the same. For reference the overall current policy looks like this: https://asevcenc.web.cern.ch/asevcenc/eos_config_auger/new_pol
>
> --
> Reply to this email directly or view it on GitHub:
> https://github.com/xrootd/xrootd/issues/2014#issuecomment-1570951631

