Fedora Looks At Tightening Its Crypto Policies Next Year

Written by Michael Larabel in Fedora on 30 April 2022 at 06:09 AM EDT. 5 Comments
FEDORA
Fedora Linux is looking at tightening up its cryptographic policies with next year's Fedora 38/39 releases but for Fedora 37 later this year they will likely begin warning users around the planned changes.

The latest change proposal for Fedora 37 this autumn notes, "Cryptographic policies will be tightened in Fedora 38-39, SHA-1 signatures will no longer be trusted by default. Fedora 37 specifically doesn't come with any change of defaults, and this Fedora Change is an advance warning filed for extra visibility. Test your setup with FUTURE today and file bugs so you won't get bit by Fedora 38-39...The flagship change this time will be distrusting SHA-1 signatures on the cryptographic library level, affecting more than just TLS. OpenSSL will start blocking signature creation and verification by default, with the fallout anticipated to be wide enough for us to roll out the change across multiple cycles with multiple forewarnings. In Fedora 36, 37 and 38 released distrusting SHA-1 signatures will be opt-in. In Fedora 38 rawhide and Fedora 39 distrusting SHA-1 signatures will happen by default."

The upcoming crypto policy changes most notably include distrusting SHA-1 signatures. Due to SHA-1 signatures still being out there and used, the plan with Fedora 37 is to warn users/administrators when encountering such signatures. The "future" policy will require SHA-256 hashes or better for signatures, all HDMAC with SHA-256 or better for MACs, at least 256-bit keys for ciphers, and other tightening in the name of ensuring more robust security.

More details on these planned security changes and the warnings that could appear in Fedora 37 can be found via the Fedora Wiki.
5 Comments
Related News
Fedora Cleared To Build Python Package With "-O3" Optimizations
Fedora Evaluates Replacing Redis With Valkey
Fedora Miracle Spin Proposed For Fedora 41
Fedora Linux 40 Available For Download As A Wonderful Upgrade
Fedora Linux 40 Cleared For Release Next Week
RPM 4.20 Approved For Fedora 41 To Advance Hands-Free Packaging
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
systemd Rolling Out "run0" As sudo Alternative
Linux Mint Looks To Fork More GNOME Software, Make XApp More Independent
Microsoft Updates Cascadia Code: Its Open-Source Font For Developers
Rust-Written Redox OS Gets USB Keyboards & Mice Working
AMD Enabling "Fast CPPC" For Even Greater Linux Performance & Power Efficiency On Some CPUs
NetBSD On The State & Future Of X.Org/X11
Valve Publishes Steam Survey Numbers For April 2024
Wine 9.8 Fixes Nearly 20 Year Old Bug For Installing Microsoft Office 97