Test Day:2017-03-30 CryptoPolicies

Crypto Policies
Date	2017-03-30
Time	all day
Website	QA/Test Days
IRC	#fedora-test-day (webirc)
Mailing list	test

Can't make the date?
If you come to this page before or after the test day is completed, your testing is still valuable, and you can use the information on this page to test, file any bugs you find at Bugzilla, and add your results to the results section. If this page is more than a month old when you arrive here, please check the current schedule and see if a similar but more recent Test Day is planned or has already happened.

What to test?[edit]

Today's instalment of Fedora Test Day will focus on crypto-policies

Who's available[edit]

The following cast of characters will be available testing, workarounds, bug fixes, and general discussion. In case of problem related to test day organization/wiki/whatever, please reach out to szidek.

• Development - Nikos Mavrogiannopoulos (nmav, GnuTLS, crypto-policies), Tomáš Mráz (t8m, OpenSSL), Kai Engert (kaie, NSS), Robert Relyea (rrelyea, NSS), Daiki Ueno (ueno, NSS), Jakub Jelen (jjelen, OpenSSH)
• Quality Assurance - Stanislav Židek (szidek), Hubert Kario (hkario)

Prerequisite for Test Day[edit]

• An updated Fedora 26 workstation or server pre-release, or a Fedora 26 nightly image
• a desire to break software ;)

How to test?[edit]

Update your machine[edit]

If you're running Fedora 26, make sure you have all the current updates for it installed, using the update manager. If you want to try Rawhide, see the instructions on the Rawhide page on the various ways in which you can install or update to Rawhide. Or:

Live image[edit]

Instead of testing with an installed system, you may download a non-destructive nightly live image for your architecture. Tips on using a live image are available at FedoraLiveCD. Live image links can be found here: please be sure to download one for the correct release.

Run the tests[edit]

Visit the result page and click on the column title links to see the tests that need to be run: most column titles are links to a specific test case. Follow the instructions there, then enter your results by clicking the Enter result button for the test.

Reporting bugs[edit]

Include some instructions on how to report bugs, and any special instructions. Here's an example, from a Palimpsest test day:

If you have problems with any of the tests, report a bug to Bugzilla usually for the component crypto-policies, or for particular software using crypto-policies. If you are unsure about exactly how to file the report or what other information to include, just ask on IRC and we will help you.

Test Results[edit]

Results transferred from the result page on 2017-04-10.

Basic[edit]

User	Profile	Sanity	Switching to bogus profile	OpenSSH support	Firefox	Java	References
Tenk	F26 Alpha 1.7	pass	pass	pass	fail [1]		↑ RHBZ #1437213
akashche	F26 running in Docker	pass [1]	pass		pass	pass	↑ https://bugzilla.redhat.com/show_bug.cgi?id=1437213 - cannot access rc4.badssl.com, 3des.badssl.com worked as expected
coremodule		pass	pass	pass warn [1]		pass	↑ For FUTURE, received this output: Unable to negotiate with ::1 port 22: no matching cipher found. Their offer: 3des-cbc
jsedlak		pass [1]	pass				↑ Everything that was uncommented ran OK.
jvanek		pass	pass	pass		warn [1]	↑ As mentioned by pmikova and mvala - when FUTURE is selected, nearly no https connection is possible to establish with icedtea-web
krouma		pass	pass [1]	pass	fail [2] fail	pass	↑ Passed even with special symbols and Czech characters ↑ Test part 3.: Web pages https://3des.badssl.com/ and https://rc4.badssl.com/ were failing for all 3 profiles.
lzachar		fail [1] [2] [3] [4]	pass	pass	pass [5]	pass	↑ RHBZ #1437213 ↑ RHBZ #1437209 ↑ RHBZ #1437363 ↑ 1437363 not yet mentioned on testcase wiki ↑ with https://koji.fedoraproject.org/koji/taskinfo?taskID=18679218
mvala						warn [1] pass	↑ SSL missing in FUTURE
pkis		pass	warn [1] [2]	pass			↑ RHBZ #1437449 ↑ The test pass, but an usability issue was filed: BZ#1437449
pmikova						warn [1]	↑ useSystemPropertiesFile=true sudo update-crypto-policies --set FUTURE https://www.elsteronline.de/eportal/KonfigurationsAssistentA.tax?requestaction=KonfigurationsAssistentA.tax - Error performing TLS handshake: The signature algorithm is not supported. java CipherList | wc -l is 25 on FUTURE but java CipherList | wc -l is 36 on DEFAULT diff https://gist.github.com/sparkoo/ef37b8624f922b5c08d084dde23bdad4
pschindl	Updated F26	fail [1] [2] [3]	pass	pass			↑ RHBZ #1437213 ↑ RHBZ #1437209 ↑ RHBZ #1437363
zdenek		pass [1]	pass		fail [2]		↑ Commands were completed without FAIL ↑ Test part 3.: Web pages https://3des.badssl.com/ and https://rc4.badssl.com/ were failing for all 3 profiles.

User driven[edit]

User	Profile	FUTURE profile with commonly visited sites	Specific apps	Own app	References
akashche	F26 in Docker	pass		pass [1]	↑ Tried FUTURE with https://github.com/ojdkbuild/contrib_update-notifier , https://github.com/staticlibs/staticlib_httpserver and https://github.com/staticlibs/staticlib_httpclient