Skip to content

Revert RL9 crypto policy to DEFAULT #2084

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
priteau wants to merge 1 commit into
base: stackhpc/2025.1
Choose a base branch
from
Open

Revert RL9 crypto policy to DEFAULT #2084

priteau wants to merge 1 commit into from

Conversation

@priteau
Copy link
Member

@priteau priteau commented Jan 13, 2026

This should resolve SSH issues with some modern key types such as ed25519.

@priteau priteau self-assigned this Jan 13, 2026
@priteau priteau requested a review from a team as a code owner January 13, 2026 22:51
gemini-code-assist[bot]
gemini-code-assist bot reviewed Jan 13, 2026
View reviewed changes
Copy link
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request correctly reverts the RHEL 9 crypto policy from FIPS to DEFAULT to allow the use of modern SSH key types like ed25519. The change is well-documented with a new comment and a release note.

However, for this change to be fully effective, a related modification is required in a file not included in this PR's changes. The file etc/kayobe/ansible/maintenance/cis.yml contains an Ansible assertion that explicitly blocks the use of ed25519 keys on Red Hat systems. This assertion was relevant for the FIPS policy but now contradicts the goal of this PR. It should be removed to prevent failures for users who wish to use ed25519 keys.

I've also added one suggestion to improve the clarity of comments in the configuration file.

mnasiadka
mnasiadka previously approved these changes Jan 14, 2026
View reviewed changes
@priteau
Revert RL9 crypto policy to DEFAULT
8516ab3 
This should resolve SSH issues with some modern key types such as
ed25519.
@priteau priteau force-pushed the rhel9cis-crypto-policy branch from 77eb16d to 8516ab3 Compare January 14, 2026 09:00
@priteau priteau requested a review from mnasiadka January 14, 2026 09:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mnasiadka mnasiadka Awaiting requested review from mnasiadka

1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

@priteau priteau

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@priteau @mnasiadka