| Bug ID | 1227738 |
|---|---|
| Summary | SSLCipherSuite PROFILE=SYSTEM in ssl-global.conf sets Cyphers not recommended anymore |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 15.5 |
| Hardware | Other |
| OS | Other |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | Apache |
| Assignee | apache-bugs@suse.de |
| Reporter | freek@opensuse.org |
| QA Contact | qa-bugs@suse.de |
| Target Milestone | --- |
| Found By | --- |
| Blocker | --- |
In my web server I use the definition of the SSLCypherSuite PROFILE=SYSTEM in ssl-global.conf. When using a site which checks the security of my setup it complains that AES128-SHA256, AES256-SHA, AES256-CCM, AES128-CCM, AES256-GCM-SHA384, AES128-SHA, AES256-SHA256, and AES128-GCM-SHA256 should be phased out. Most likely the content of /etc/crypto-policies/back-ends/*.config should be adapted to these requirements.