Bug 1227738

Summary: SSLCipherSuite PROFILE=SYSTEM in ssl-global.conf sets Cyphers not recommended anymore
Product: [openSUSE] openSUSE Distribution Reporter: Freek de Kruijf <freek>
Component: ApacheAssignee: E-mail List <apache-bugs>
Status: NEW --- QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P5 - None    
Version: Leap 15.5   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Freek de Kruijf 2024-07-13 10:54:33 UTC 
In my web server I use the definition of the SSLCypherSuite PROFILE=SYSTEM in ssl-global.conf. When using a site which checks the security of my setup it complains that AES128-SHA256, AES256-SHA, AES256-CCM, AES128-CCM, AES256-GCM-SHA384, AES128-SHA, AES256-SHA256, and AES128-GCM-SHA256 should be phased out.

Most likely the content of /etc/crypto-policies/back-ends/*.config should be adapted to these requirements.