crypto-policies:PolicySyntaxDeprecationWarning:Option protocol is deprecated, please rewrite your rules using protocol@tls; be advised that it is not always a 1-1 replacement エラー
Issue
-
RHEL 8.5 にアップグレードした後、カスタムポリシーを適用すると、
update-crypto-policiesによって以下の警告メッセージが出力されます。# update-crypto-policies PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@tls; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@tls; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@ssh; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ssh_group is deprecated, please rewrite your rules using group@ssh; be advised that it is not always a 1-1 replacement -
/etc/crypto-policies/policies/modules/CUSTOM.pmodのカスタムポリシーには、以下の行が含まれています。ssh_cipher = AES-128-CTR AES-256-CTR AES-128-GCM AES-256-GCM CHACHA20-POLY1305 ssh_group = -X25519 key_exchange = DHE ECDHE ECDHE-GSS DHE-GSS DHE-DSS DHE-RSA ssh_etm = 1 mac = HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512 cipher = AES-256-GCM AES-128-GCM CHACHA20-POLY1305 CAMELLIA-256-GCM CAMELLIA-128-GCM hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA2-224 SHA1 tls_cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-128-GCM AES-128-CCM protocol = TLS1.3 TLS1.2 DTLS1.2 min_tls_version = TLS1.2 min_dh_size = 2048 min_dsa_size = 2048 min_rsa_size = 2048 -
このポリシーは RHEL 8.4 で動作します。
Environment
- Red Hat Enterprise Linux 8.5 以降
- crypto-policies-20210617-1 以降
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
