1227738 – SSLCipherSuite PROFILE=SYSTEM in ssl-global.conf sets Cyphers not recommended anymore

Bug 1227738 - SSLCipherSuite PROFILE=SYSTEM in ssl-global.conf sets Cyphers not recommended anymore

Summary: SSLCipherSuite PROFILE=SYSTEM in ssl-global.conf sets Cyphers not recommended...

Status:	NEW

Alias:	None

Product:	openSUSE Distribution
Classification:	openSUSE
Component:	Apache (show other bugs)
Version:	Leap 15.5
Hardware:	Other Other

Priority:	P5 - None Severity: Normal (vote)
Target Milestone:	---
Assignee:	E-mail List
QA Contact:	E-mail List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2024-07-13 10:54 UTC by Freek de Kruijf
Modified:	2024-07-13 10:54 UTC (History)
CC List:	0 users

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Freek de Kruijf 2024-07-13 10:54:33 UTC

In my web server I use the definition of the SSLCypherSuite PROFILE=SYSTEM in ssl-global.conf. When using a site which checks the security of my setup it complains that AES128-SHA256, AES256-SHA, AES256-CCM, AES128-CCM, AES256-GCM-SHA384, AES128-SHA, AES256-SHA256, and AES128-GCM-SHA256 should be phased out.

Most likely the content of /etc/crypto-policies/back-ends/*.config should be adapted to these requirements.