From Fedora Project Wiki

Crypto Policies

Date 2017-03-30
Time all day

Website QA/Test Days
IRC #fedora-test-day (webirc)
Mailing list test


Can't make the date?
If you come to this page before or after the test day is completed, your testing is still valuable, and you can use the information on this page to test, file any bugs you find at Bugzilla, and add your results to the results section. If this page is more than a month old when you arrive here, please check the current schedule and see if a similar but more recent Test Day is planned or has already happened.

What to test?[edit]

Today's instalment of Fedora Test Day will focus on crypto-policies

Who's available[edit]

The following cast of characters will be available testing, workarounds, bug fixes, and general discussion. In case of problem related to test day organization/wiki/whatever, please reach out to szidek.

Prerequisite for Test Day[edit]

How to test?[edit]

Update your machine[edit]

If you're running Fedora 26, make sure you have all the current updates for it installed, using the update manager. If you want to try Rawhide, see the instructions on the Rawhide page on the various ways in which you can install or update to Rawhide. Or:

Live image[edit]

Instead of testing with an installed system, you may download a non-destructive nightly live image for your architecture. Tips on using a live image are available at FedoraLiveCD. Live image links can be found here: please be sure to download one for the correct release.

Run the tests[edit]

Visit the result page and click on the column title links to see the tests that need to be run: most column titles are links to a specific test case. Follow the instructions there, then enter your results by clicking the Enter result button for the test.

Reporting bugs[edit]

Include some instructions on how to report bugs, and any special instructions. Here's an example, from a Palimpsest test day:

If you have problems with any of the tests, report a bug to Bugzilla usually for the component crypto-policies, or for particular software using crypto-policies. If you are unsure about exactly how to file the report or what other information to include, just ask on IRC and we will help you.

Test Results[edit]

Results transferred from the result page on 2017-04-10.

Basic[edit]

User Profile Sanity Switching to bogus profile OpenSSH support Firefox Java References
Tenk F26 Alpha 1.7
Pass pass
Pass pass
Pass pass
Fail fail [1]
  1. RHBZ #1437213
akashche F26 running in Docker
Pass pass
[1]
Pass pass
Pass pass
Pass pass
  1. https://bugzilla.redhat.com/show_bug.cgi?id=1437213 - cannot access rc4.badssl.com, 3des.badssl.com worked as expected
coremodule
Pass pass
Pass pass
Pass pass
Warning warn
[1]
Pass pass
  1. For FUTURE, received this output: Unable to negotiate with ::1 port 22: no matching cipher found. Their offer: 3des-cbc
jsedlak
Pass pass
[1]
Pass pass
  1. Everything that was uncommented ran OK.
jvanek
Pass pass
Pass pass
Pass pass
Warning warn
[1]
  1. As mentioned by pmikova and mvala - when FUTURE is selected, nearly no https connection is possible to establish with icedtea-web
krouma
Pass pass
Pass pass
[1]
Pass pass
Fail fail
[2]
Fail fail
Pass pass
  1. Passed even with special symbols and Czech characters
  2. Test part 3.: Web pages https://3des.badssl.com/ and https://rc4.badssl.com/ were failing for all 3 profiles.
lzachar
Fail fail [1] [2] [3]
[4]
Pass pass
Pass pass
Pass pass
[5]
Pass pass
  1. RHBZ #1437213
  2. RHBZ #1437209
  3. RHBZ #1437363
  4. 1437363 not yet mentioned on testcase wiki
  5. with https://koji.fedoraproject.org/koji/taskinfo?taskID=18679218
mvala
Warning warn
[1]
Pass pass
  1. SSL missing in FUTURE
pkis
Pass pass
Warning warn [1]
[2]
Pass pass
  1. RHBZ #1437449
  2. The test pass, but an usability issue was filed: BZ#1437449
pmikova
Warning warn
[1]
  1. useSystemPropertiesFile=true sudo update-crypto-policies --set FUTURE https://www.elsteronline.de/eportal/KonfigurationsAssistentA.tax?requestaction=KonfigurationsAssistentA.tax - Error performing TLS handshake: The signature algorithm is not supported. java CipherList | wc -l is 25 on FUTURE but java CipherList | wc -l is 36 on DEFAULT diff https://gist.github.com/sparkoo/ef37b8624f922b5c08d084dde23bdad4
pschindl Updated F26
Fail fail [1] [2] [3]
Pass pass
Pass pass
  1. RHBZ #1437213
  2. RHBZ #1437209
  3. RHBZ #1437363
zdenek
Pass pass
[1]
Pass pass
Fail fail
[2]
  1. Commands were completed without FAIL
  2. Test part 3.: Web pages https://3des.badssl.com/ and https://rc4.badssl.com/ were failing for all 3 profiles.

User driven[edit]

User Profile FUTURE profile with commonly visited sites Specific apps Own app References
akashche F26 in Docker
Pass pass
Pass pass
[1]