Discussions
Categories
- 17.9K All Categories
- 3.4K Industry Applications
- 3.3K Intelligent Advisor
- 63 Insurance
- 535.7K On-Premises Infrastructure
- 138.1K Analytics Software
- 38.6K Application Development Software
- 5.6K Cloud Platform
- 109.3K Database Software
- 17.5K Enterprise Manager
- 8.8K Hardware
- 71K Infrastructure Software
- 105.2K Integration
- 41.5K Security Software
FUTURE crypto policy breaks dnf
user10174131
Member Posts: 35 Blue Ribbon
After setting a FUTURE crypto policy and rebooting, dnf fails with the base repository:
# dnf update Oracle Linux 8 BaseOS Latest (x86_64) 0.0 B/s | 0 B 00:00 Errors during downloading metadata for repository 'ol8_baseos_latest': - Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://yum.oracle.com/repo/OracleLinux/OL8/baseos/latest/x86_64/repodata/repomd.xml [SSL certificate problem: CA certificate key too weak]
After dropping down to default...
# update-crypto-policies --set DEFAULT Setting system policy to DEFAULT Note: System-wide crypto policies are applied on application start-up. It is recommended to restart the system for the change of policies to fully take place. # reboot -f Rebooting.
...dnf is restored:
# dnf update Oracle Linux 8 BaseOS Latest (x86_64) 11 MB/s | 44 MB 00:04...
Is is feasible for dnf to operate with a FUTURE crypto policy? Will this entail a great deal of work for the repository maintainers?
Edit: The manual page for crypto-policies lists the following for FUTURE:
RSA keys size: >= 3072
(upstream had the same problem, listed in a bugzilla)