 |
Thank you for the report. As you know, we are a derivative of RHEL. This means we cannot make changes nor make upgrades to our packages as it would make us incompatible with our upstream. What I would do is recreate your issue on RHEL 9.4 and submit an issue to https://issues.redhat.com. With that said, CentOS Stream 9 upgrades openssl to 3.2.1. However, that upgrade will not arrive until 9.5. If it is found that the issue is not reproducible in RHEL, then we can attempt to track down where the issue is in our builds to fix the issue. |
 |
Hi Louis, sounds like a plan -- I will take it up to Red Hat's issue tracker. Thanks! |
|
|
Sigh.. might be a bit. somehow I have messed up my login at redhat.com. |
|
|
Done: https://issues.redhat.com/browse/RHEL-39899 |
|
|
Hello! I think you can consider this resolved as a "nothing to do" -- it turns out it's as simple as, to quote the reply from Red Hat: Can you try with 3.0.7 and 3.2.2 with the SHA1 crypto-policy module? I'm guessing swtpm may be requiring a signature with SHA-1, which does not work by default on RHEL 9 and up, but does work by default in the Fedora builds. Run update-crypto-policies --set DEFAULT:SHA1 to switch to that. Even 3.0.7 works just fine with this setting. As an aside -- RHEL 9.5 is coming with openssl 3.2.2 (which has also been tested with this config change now). So this boils down to more of a "documentation" kind of thing now. I consider this resolved now so long as y'all do too! |
- Anonymous
