From Fedora Project Wiki

Description

This test case ensures the correct functioning of crypto-policies, which provides the system-wide cryptographic policies defining the cryptographic settings for various packages, ensuring consistent security and performance profiles. The associated crypto-policies-scripts provides utilities to manage and apply these policies.

Setup

  1. Install a fresh version of Fedora.
  2. Install crypto-policies and crypto-policies-scripts: sudo dnf install crypto-policies crypto-policies-scripts.

How to test

  1. Check the current applied policy: update-crypto-policies --show.
  2. Set a new policy, e.g., update-crypto-policies --set FUTURE.
  3. Again, check the applied policy to confirm the change.
  4. Revert back to the default policy: update-crypto-policies --set DEFAULT.
  5. Check if the policy has been reverted.
  6. Optionally, explore other provided scripts from the crypto-policies-scripts package and test their functionality.

Expected Results

  1. The update-crypto-policies --show command should display the current applied policy without any errors.
  2. After setting the FUTURE policy, the new policy should be applied, and it should reflect when checked.
  3. After reverting back to the DEFAULT policy, it should be confirmed as the current applied policy.
  4. Any other tested scripts should function without errors and produce the expected results.

Optional

For extended testing:

  1. Test the impact of the set policy on various cryptographic back-ends and services (like OpenSSL or GnuTLS).
  2. Explore and test any other relevant scripts in the crypto-policies-scripts package.
  3. Check manual pages for the scripts and utilities for additional functionalities: e.g., man update-crypto-policies.