View Issue Details

IDProjectCategoryView StatusLast Update
0000214AlmaLinux-8dnfpublic2022-04-11 09:54
Reporterkiwi Assigned To 
PrioritynormalSeverityminorReproducibilityalways
Status newResolutionopen 
PlatformAllOSAlma LinuxOS Version8.5
Summary0000214: Alma Linux repository uses too weak certificate for enhanched security
DescriptionIf you security harden your serverusing RedHats proposed method (https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening):

update-crypto-policies --set FUTURE

...you can no longer use dnf (with underlying curl) since it reports that the repository certificate is too weak:

[[email protected]~]# dnf update
AlmaLinux 8 - BaseOS 0.0 B/s | 0 B 00:07
Errors during downloading metadata for repository 'baseos':
  - Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://mirrors.almalinux.org/mirrorlist/8/baseos?countme=3 [SSL certificate problem: EE certificate key too weak]
  - Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://mirrors.almalinux.org/mirrorlist/8/baseos [SSL certificate problem: EE certificate key too weak]
Error: Failed to download metadata for repo 'baseos': Cannot prepare internal mirrorlist: Curl error (60): Peer certificate cannot be authenticated with given CA certificates for https://mirrors.almalinux.org/mirrorlist/8/baseos [SSL certificate problem: EE certificate key too weak]
[[email protected]~]#
Steps To Reproduceupdate-crypto-policies --set FUTURE

dnf update
TagsNo tags attached.
abrt_hash
URL

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2022-04-11 09:54 kiwi New Issue