View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000214 | AlmaLinux-8 | dnf | public | 2022-04-11 09:54 | 2022-04-11 09:54 |
| Reporter | kiwi | Assigned To | |||
| Priority | normal | Severity | minor | Reproducibility | always |
| Status | new | Resolution | open | ||
| Platform | All | OS | Alma Linux | OS Version | 8.5 |
| Summary | 0000214: Alma Linux repository uses too weak certificate for enhanched security | ||||
| Description | If you security harden your serverusing RedHats proposed method (https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening): update-crypto-policies --set FUTURE ...you can no longer use dnf (with underlying curl) since it reports that the repository certificate is too weak: [root@server~]# dnf update AlmaLinux 8 - BaseOS 0.0 B/s | 0 B 00:07 Errors during downloading metadata for repository 'baseos': - Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://mirrors.almalinux.org/mirrorlist/8/baseos?countme=3 [SSL certificate problem: EE certificate key too weak] - Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://mirrors.almalinux.org/mirrorlist/8/baseos [SSL certificate problem: EE certificate key too weak] Error: Failed to download metadata for repo 'baseos': Cannot prepare internal mirrorlist: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://mirrors.almalinux.org/mirrorlist/8/baseos [SSL certificate problem: EE certificate key too weak] [root@server~]# | ||||
| Steps To Reproduce | update-crypto-policies --set FUTURE dnf update | ||||
| Tags | No tags attached. | ||||
| abrt_hash | |||||
| URL | |||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2022-04-11 09:54 | kiwi | New Issue |
