Mock Version: 3.5 Mock Version: 3.5 Mock Version: 3.5 ENTER ['do_with_status'](['bash', '--login', '-c', '/usr/bin/rpmbuild -bs --noclean --target noarch --nodeps /builddir/build/SPECS/crypto-policies.spec'], chrootPath='/var/lib/mock/dist-circle9-build-120965-85718/root'env={'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8'}shell=Falselogger=timeout=86400uid=994gid=135user='mockbuild'nspawn_args=[]unshare_net=TrueprintOutput=False) Executing command: ['bash', '--login', '-c', '/usr/bin/rpmbuild -bs --noclean --target noarch --nodeps /builddir/build/SPECS/crypto-policies.spec'] with env {'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8'} and shell False Building target platforms: noarch Building for target noarch setting SOURCE_DATE_EPOCH=1706832000 Wrote: /builddir/build/SRPMS/crypto-policies-20240202-1.git283706d.el9.src.rpm Child return code was: 0 ENTER ['do_with_status'](['bash', '--login', '-c', '/usr/bin/rpmbuild -bb --noclean --target noarch --nodeps /builddir/build/SPECS/crypto-policies.spec'], chrootPath='/var/lib/mock/dist-circle9-build-120965-85718/root'env={'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8'}shell=Falselogger=timeout=86400uid=994gid=135user='mockbuild'nspawn_args=[]unshare_net=TrueprintOutput=False) Executing command: ['bash', '--login', '-c', '/usr/bin/rpmbuild -bb --noclean --target noarch --nodeps /builddir/build/SPECS/crypto-policies.spec'] with env {'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;\\007"', 'PS1': ' \\s-\\v\\$ ', 'LANG': 'C.UTF-8'} and shell False Building target platforms: noarch Building for target noarch setting SOURCE_DATE_EPOCH=1706832000 Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.AnbF8A + umask 022 + cd /builddir/build/BUILD + cd /builddir/build/BUILD + rm -rf fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f + /usr/bin/gzip -dc /builddir/build/SOURCES/crypto-policies-git283706d.tar.gz + /usr/bin/tar -xof - + STATUS=0 + '[' 0 -ne 0 ']' + cd fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f + /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w . + RPM_EC=0 ++ jobs -p + exit 0 Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.pZRMzS + umask 022 + cd /builddir/build/BUILD + cd fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f + sed -i 's/MIN_RSA_DEFAULT = .*/MIN_RSA_DEFAULT = '\''RequiredRSASize'\''/' python/policygenerators/openssh.py + grep 'MIN_RSA_DEFAULT = '\''RequiredRSASize'\''' python/policygenerators/openssh.py MIN_RSA_DEFAULT = 'RequiredRSASize' + /usr/bin/make -O -j32 V=1 VERBOSE=1 asciidoc -v -d manpage -b docbook fips-finish-install.8.txt xsltproc --nonet -o fips-finish-install.8 /usr/share/asciidoc/docbook-xsl/manpage.xsl fips-finish-install.8.xml asciidoc: reading: /etc/asciidoc/asciidoc.conf asciidoc: reading: /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/fips-finish-install.8.txt asciidoc: reading: /etc/asciidoc/docbook45.conf asciidoc: reading: /etc/asciidoc/filters/code/code-filter.conf asciidoc: reading: /etc/asciidoc/filters/graphviz/graphviz-filter.conf asciidoc: reading: /etc/asciidoc/filters/source/source-highlight-filter.conf asciidoc: reading: /etc/asciidoc/lang-en.conf asciidoc: writing: /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/fips-finish-install.8.xml Note: Writing fips-finish-install.8 asciidoc -v -d manpage -b docbook fips-mode-setup.8.txt xsltproc --nonet -o fips-mode-setup.8 /usr/share/asciidoc/docbook-xsl/manpage.xsl fips-mode-setup.8.xml asciidoc: reading: /etc/asciidoc/asciidoc.conf asciidoc: reading: /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/fips-mode-setup.8.txt asciidoc: reading: /etc/asciidoc/docbook45.conf asciidoc: reading: /etc/asciidoc/filters/code/code-filter.conf asciidoc: reading: /etc/asciidoc/filters/graphviz/graphviz-filter.conf asciidoc: reading: /etc/asciidoc/filters/source/source-highlight-filter.conf asciidoc: reading: /etc/asciidoc/lang-en.conf asciidoc: writing: /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/fips-mode-setup.8.xml Note: Writing fips-mode-setup.8 asciidoc -v -d manpage -b docbook update-crypto-policies.8.txt xsltproc --nonet -o update-crypto-policies.8 /usr/share/asciidoc/docbook-xsl/manpage.xsl update-crypto-policies.8.xml asciidoc: reading: /etc/asciidoc/asciidoc.conf asciidoc: reading: /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/update-crypto-policies.8.txt asciidoc: reading: /etc/asciidoc/docbook45.conf asciidoc: reading: /etc/asciidoc/filters/code/code-filter.conf asciidoc: reading: /etc/asciidoc/filters/graphviz/graphviz-filter.conf asciidoc: reading: /etc/asciidoc/filters/source/source-highlight-filter.conf asciidoc: reading: /etc/asciidoc/lang-en.conf asciidoc: writing: /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/update-crypto-policies.8.xml Note: Writing update-crypto-policies.8 asciidoc -v -d manpage -b docbook crypto-policies.7.txt xsltproc --nonet -o crypto-policies.7 /usr/share/asciidoc/docbook-xsl/manpage.xsl crypto-policies.7.xml asciidoc: reading: /etc/asciidoc/asciidoc.conf asciidoc: reading: /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/crypto-policies.7.txt asciidoc: reading: /etc/asciidoc/docbook45.conf asciidoc: reading: /etc/asciidoc/filters/code/code-filter.conf asciidoc: reading: /etc/asciidoc/filters/graphviz/graphviz-filter.conf asciidoc: reading: /etc/asciidoc/filters/source/source-highlight-filter.conf asciidoc: reading: /etc/asciidoc/lang-en.conf asciidoc: writing: /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/crypto-policies.7.xml Note: Writing crypto-policies.7 mkdir -p output python/build-crypto-policies.py --reloadcmds policies output Saving config for bind for policy DEFAULT Saving config for gnutls for policy DEFAULT Saving config for java for policy DEFAULT Saving config for javasystem for policy DEFAULT Saving config for krb5 for policy DEFAULT Saving config for libreswan for policy DEFAULT Saving config for libssh for policy DEFAULT Saving config for nss for policy DEFAULT Saving config for openssh for policy DEFAULT Saving config for opensshserver for policy DEFAULT Saving config for opensslcnf for policy DEFAULT Saving config for openssl_fips for policy DEFAULT Saving config for openssl for policy DEFAULT Saving config for bind for policy EMPTY Saving config for gnutls for policy EMPTY Saving config for java for policy EMPTY Saving config for javasystem for policy EMPTY Saving config for krb5 for policy EMPTY Saving config for libreswan for policy EMPTY Saving config for libssh for policy EMPTY Saving config for nss for policy EMPTY Saving config for openssh for policy EMPTY Saving config for opensshserver for policy EMPTY Saving config for opensslcnf for policy EMPTY Saving config for openssl_fips for policy EMPTY Saving config for openssl for policy EMPTY Saving config for bind for policy FIPS Saving config for gnutls for policy FIPS Saving config for java for policy FIPS Saving config for javasystem for policy FIPS Saving config for krb5 for policy FIPS Saving config for libreswan for policy FIPS Saving config for libssh for policy FIPS Saving config for nss for policy FIPS Saving config for openssh for policy FIPS Saving config for opensshserver for policy FIPS Saving config for opensslcnf for policy FIPS Saving config for openssl_fips for policy FIPS Saving config for openssl for policy FIPS Saving config for bind for policy FUTURE Saving config for gnutls for policy FUTURE Saving config for java for policy FUTURE Saving config for javasystem for policy FUTURE Saving config for krb5 for policy FUTURE Saving config for libreswan for policy FUTURE Saving config for libssh for policy FUTURE Saving config for nss for policy FUTURE Saving config for openssh for policy FUTURE Saving config for opensshserver for policy FUTURE Saving config for opensslcnf for policy FUTURE Saving config for openssl_fips for policy FUTURE Saving config for openssl for policy FUTURE Saving config for bind for policy LEGACY Saving config for gnutls for policy LEGACY Saving config for java for policy LEGACY Saving config for javasystem for policy LEGACY Saving config for krb5 for policy LEGACY Saving config for libreswan for policy LEGACY Saving config for libssh for policy LEGACY Saving config for nss for policy LEGACY Saving config for openssh for policy LEGACY Saving config for opensshserver for policy LEGACY Saving config for opensslcnf for policy LEGACY Saving config for openssl_fips for policy LEGACY Saving config for openssl for policy LEGACY gnutls[2]: Enabled GnuTLS 3.8.3 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel SHA was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-224 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpc6rlkrtn mtime 1732347891 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: RSA is enabled for KX NSS-POLICY-INFO: DHE-RSA is enabled for KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for KX NSS-POLICY-INFO: ECDHE-RSA is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 16 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 12 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 4 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5 NSS-POLICY-INFO: NUMBER-OF-OTHER-KX: 4 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. gnutls[2]: Enabled GnuTLS 3.8.3 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel SHA was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpachrcd3e mtime 1732347891 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: DHE-RSA is enabled for KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for KX NSS-POLICY-INFO: ECDHE-RSA is enabled for KX NSS-POLICY-INFO: TLS-REQUIRE-EMS is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 15 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 5 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 11 NSS-POLICY-INFO: NUMBER-OF-ECC: 4 NSS-POLICY-INFO: NUMBER-OF-HASH: 4 NSS-POLICY-INFO: NUMBER-OF-MAC: 3 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 2 NSS-POLICY-INFO: NUMBER-OF-OTHER-KX: 4 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 8 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. gnutls[2]: Enabled GnuTLS 3.8.3 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel SHA was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmprox21eit mtime 1732347891 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: DHE-RSA is enabled for KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for KX NSS-POLICY-INFO: ECDHE-RSA is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 14 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 5 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 11 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 3 NSS-POLICY-INFO: NUMBER-OF-MAC: 3 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 2 NSS-POLICY-INFO: NUMBER-OF-OTHER-KX: 3 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 8 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. gnutls[2]: Enabled GnuTLS 3.8.3 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel SHA was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-224 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: marking hash SHAKE-128 as secure gnutls[2]: cfg: marking hash SHA1 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure gnutls[2]: cfg: marking signature RSA-SHA1 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA1 as secure for certs gnutls[2]: cfg: marking signature rsa-sha1 as secure for certs gnutls[2]: cfg: marking signature dsa-sha1 as secure for certs gnutls[2]: cfg: marking signature ecdsa-sha1 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmp4flxurs_ mtime 1732347891 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA1 is enabled for KX NSS-POLICY-INFO: SHA1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: RSA is enabled for KX NSS-POLICY-INFO: DHE-RSA is enabled for KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for KX NSS-POLICY-INFO: ECDHE-RSA is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 17 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 13 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 5 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5 NSS-POLICY-INFO: NUMBER-OF-OTHER-KX: 4 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. + RPM_EC=0 ++ jobs -p + exit 0 Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.nyXxtl + umask 022 + cd /builddir/build/BUILD + '[' /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch '!=' / ']' + rm -rf /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch ++ dirname /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch + mkdir -p /builddir/build/BUILDROOT + mkdir /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch + cd fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f + mkdir -p -m 755 /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/ + mkdir -p -m 755 /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/ + mkdir -p -m 755 /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/etc/crypto-policies/back-ends/ + mkdir -p -m 755 /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/etc/crypto-policies/state/ + mkdir -p -m 755 /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/etc/crypto-policies/local.d/ + mkdir -p -m 755 /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/etc/crypto-policies/policies/ + mkdir -p -m 755 /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/etc/crypto-policies/policies/modules/ + mkdir -p -m 755 /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/bin + make DESTDIR=/builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch DIR=/usr/share/crypto-policies MANDIR=/usr/share/man -j32 install mkdir -p /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/man mkdir -p /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/man/man7 mkdir -p /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/man/man8 mkdir -p /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/bin install -p -m 644 crypto-policies.7 /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/man/man7 install -p -m 644 update-crypto-policies.8 fips-finish-install.8 fips-mode-setup.8 /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/man/man8 install -p -m 755 update-crypto-policies fips-finish-install fips-mode-setup /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/bin mkdir -p /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/ install -p -m 644 default-config /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies install -p -m 644 output/reload-cmds.sh /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies for f in $(find output -name '*.txt') ; do d=$(dirname $f | cut -f 2- -d '/') ; install -p -m 644 -D -t /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d $f ; done for f in $(find policies -name '*.p*') ; do d=$(dirname $f) ; install -p -m 644 -D -t /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d $f ; done for f in $(find python -name '*.py') ; do d=$(dirname $f) ; install -p -m 644 -D -t /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d $f ; done chmod 755 /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/python/update-crypto-policies.py chmod 755 /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/python/build-crypto-policies.py + install -p -m 644 default-config /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/etc/crypto-policies/config + touch /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/etc/crypto-policies/state/current + touch /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/etc/crypto-policies/state/CURRENT.pol + rm -rf /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/EMPTY + for d in LEGACY DEFAULT FUTURE FIPS + mkdir -p -m 755 /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/LEGACY + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/LEGACY/bind.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/LEGACY/bind.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/LEGACY/bind.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/LEGACY/gnutls.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/LEGACY/gnutls.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/LEGACY/gnutls.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/LEGACY/java.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/LEGACY/java.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/LEGACY/java.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/LEGACY/javasystem.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/LEGACY/javasystem.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/LEGACY/javasystem.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/LEGACY/krb5.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/LEGACY/krb5.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/LEGACY/krb5.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/LEGACY/libreswan.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/LEGACY/libreswan.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/LEGACY/libreswan.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/LEGACY/libssh.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/LEGACY/libssh.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/LEGACY/libssh.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/LEGACY/nss.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/LEGACY/nss.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/LEGACY/nss.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/LEGACY/openssh.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/LEGACY/openssh.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/LEGACY/openssh.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/LEGACY/opensshserver.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/LEGACY/opensshserver.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/LEGACY/opensshserver.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/LEGACY/openssl.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/LEGACY/openssl.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/LEGACY/openssl.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/LEGACY/openssl_fips.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/LEGACY/openssl_fips.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/LEGACY/openssl_fips.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/LEGACY/opensslcnf.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/LEGACY/opensslcnf.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/LEGACY/opensslcnf.config + for d in LEGACY DEFAULT FUTURE FIPS + mkdir -p -m 755 /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/DEFAULT + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/bind.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/bind.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/DEFAULT/bind.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/gnutls.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/gnutls.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/DEFAULT/gnutls.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/java.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/java.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/DEFAULT/java.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/javasystem.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/javasystem.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/DEFAULT/javasystem.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/krb5.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/krb5.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/DEFAULT/krb5.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/libreswan.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/libreswan.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/DEFAULT/libreswan.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/libssh.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/libssh.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/DEFAULT/libssh.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/nss.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/nss.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/DEFAULT/nss.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/openssh.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/openssh.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/DEFAULT/openssh.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/opensshserver.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/opensshserver.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/DEFAULT/opensshserver.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/openssl.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/openssl.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/DEFAULT/openssl.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/openssl_fips.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/openssl_fips.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/DEFAULT/openssl_fips.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/opensslcnf.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/opensslcnf.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/DEFAULT/opensslcnf.config + for d in LEGACY DEFAULT FUTURE FIPS + mkdir -p -m 755 /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/FUTURE + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FUTURE/bind.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FUTURE/bind.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/FUTURE/bind.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FUTURE/gnutls.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FUTURE/gnutls.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/FUTURE/gnutls.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FUTURE/java.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FUTURE/java.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/FUTURE/java.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FUTURE/javasystem.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FUTURE/javasystem.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/FUTURE/javasystem.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FUTURE/krb5.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FUTURE/krb5.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/FUTURE/krb5.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FUTURE/libreswan.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FUTURE/libreswan.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/FUTURE/libreswan.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FUTURE/libssh.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FUTURE/libssh.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/FUTURE/libssh.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FUTURE/nss.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FUTURE/nss.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/FUTURE/nss.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FUTURE/openssh.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FUTURE/openssh.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/FUTURE/openssh.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FUTURE/opensshserver.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FUTURE/opensshserver.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/FUTURE/opensshserver.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FUTURE/openssl.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FUTURE/openssl.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/FUTURE/openssl.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FUTURE/openssl_fips.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FUTURE/openssl_fips.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/FUTURE/openssl_fips.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FUTURE/opensslcnf.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FUTURE/opensslcnf.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/FUTURE/opensslcnf.config + for d in LEGACY DEFAULT FUTURE FIPS + mkdir -p -m 755 /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/FIPS + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FIPS/bind.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FIPS/bind.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/FIPS/bind.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FIPS/gnutls.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FIPS/gnutls.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/FIPS/gnutls.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FIPS/java.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FIPS/java.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/FIPS/java.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FIPS/javasystem.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FIPS/javasystem.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/FIPS/javasystem.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FIPS/krb5.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FIPS/krb5.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/FIPS/krb5.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FIPS/libreswan.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FIPS/libreswan.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/FIPS/libreswan.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FIPS/libssh.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FIPS/libssh.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/FIPS/libssh.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FIPS/nss.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FIPS/nss.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/FIPS/nss.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FIPS/openssh.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FIPS/openssh.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/FIPS/openssh.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FIPS/opensshserver.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FIPS/opensshserver.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/FIPS/opensshserver.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FIPS/openssl.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FIPS/openssl.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/FIPS/openssl.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FIPS/openssl_fips.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FIPS/openssl_fips.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/FIPS/openssl_fips.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/$d/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FIPS/opensslcnf.txt .txt + ln /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/FIPS/opensslcnf.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/back-ends/FIPS/opensslcnf.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/bind.txt ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/bind.txt .txt + ln -sf /usr/share/crypto-policies/DEFAULT/bind.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/etc/crypto-policies/back-ends/bind.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/gnutls.txt ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/gnutls.txt .txt + ln -sf /usr/share/crypto-policies/DEFAULT/gnutls.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/etc/crypto-policies/back-ends/gnutls.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/java.txt ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/java.txt .txt + ln -sf /usr/share/crypto-policies/DEFAULT/java.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/etc/crypto-policies/back-ends/java.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/javasystem.txt ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/javasystem.txt .txt + ln -sf /usr/share/crypto-policies/DEFAULT/javasystem.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/etc/crypto-policies/back-ends/javasystem.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/krb5.txt ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/krb5.txt .txt + ln -sf /usr/share/crypto-policies/DEFAULT/krb5.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/etc/crypto-policies/back-ends/krb5.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/libreswan.txt ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/libreswan.txt .txt + ln -sf /usr/share/crypto-policies/DEFAULT/libreswan.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/etc/crypto-policies/back-ends/libreswan.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/libssh.txt ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/libssh.txt .txt + ln -sf /usr/share/crypto-policies/DEFAULT/libssh.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/etc/crypto-policies/back-ends/libssh.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/nss.txt ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/nss.txt .txt + ln -sf /usr/share/crypto-policies/DEFAULT/nss.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/etc/crypto-policies/back-ends/nss.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/openssh.txt ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/openssh.txt .txt + ln -sf /usr/share/crypto-policies/DEFAULT/openssh.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/etc/crypto-policies/back-ends/openssh.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/opensshserver.txt ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/opensshserver.txt .txt + ln -sf /usr/share/crypto-policies/DEFAULT/opensshserver.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/etc/crypto-policies/back-ends/opensshserver.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/openssl.txt ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/openssl.txt .txt + ln -sf /usr/share/crypto-policies/DEFAULT/openssl.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/etc/crypto-policies/back-ends/openssl.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/openssl_fips.txt ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/openssl_fips.txt .txt + ln -sf /usr/share/crypto-policies/DEFAULT/openssl_fips.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/etc/crypto-policies/back-ends/openssl_fips.config + for f in /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/* ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/opensslcnf.txt ++ basename /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/DEFAULT/opensslcnf.txt .txt + ln -sf /usr/share/crypto-policies/DEFAULT/opensslcnf.txt /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/etc/crypto-policies/back-ends/opensslcnf.config + [[ /usr/bin/python3 =~ - ]] ++ /usr/bin/python3 -c 'import sys; sys.stdout.write('\''{0.major}{0.minor}'\''.format(sys.version_info))' + python_version=39 + '[' 39 -ge 39 ']' + py39_byte_compile /usr/bin/python3 /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/python + python_binary='env PYTHONHASHSEED=0 /usr/bin/python3' + bytecode_compilation_path=/builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/python + env PYTHONHASHSEED=0 /usr/bin/python3 -s -B -m compileall -o 0 -o 1 -s /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch -p / /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/python Listing '/builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/python'... Compiling '/builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/python/build-crypto-policies.py'... Listing '/builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/python/cryptopolicies'... Compiling '/builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/python/cryptopolicies/__init__.py'... Compiling '/builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/python/cryptopolicies/alg_lists.py'... Compiling '/builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/python/cryptopolicies/cryptopolicies.py'... Listing '/builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/python/cryptopolicies/validation'... Compiling '/builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/python/cryptopolicies/validation/__init__.py'... Compiling '/builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/python/cryptopolicies/validation/alg_lists.py'... Compiling '/builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/python/cryptopolicies/validation/general.py'... Compiling '/builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/python/cryptopolicies/validation/rules.py'... Compiling '/builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/python/cryptopolicies/validation/scope.py'... Listing '/builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/python/policygenerators'... Compiling '/builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/python/policygenerators/__init__.py'... Compiling '/builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/python/policygenerators/bind.py'... Compiling '/builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/python/policygenerators/configgenerator.py'... Compiling '/builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/python/policygenerators/gnutls.py'... Compiling '/builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/python/policygenerators/java.py'... Compiling '/builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/python/policygenerators/krb5.py'... Compiling '/builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/python/policygenerators/libreswan.py'... Compiling '/builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/python/policygenerators/libssh.py'... Compiling '/builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/python/policygenerators/nss.py'... Compiling '/builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/python/policygenerators/openssh.py'... Compiling '/builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/python/policygenerators/openssl.py'... Compiling '/builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/crypto-policies/python/update-crypto-policies.py'... + /usr/bin/find-debuginfo -j32 --strict-build-id -m -i --build-id-seed 20240202-1.git283706d.el9 --unique-debug-suffix -20240202-1.git283706d.el9.noarch --unique-debug-src-base crypto-policies-20240202-1.git283706d.el9.noarch --run-dwz --dwz-low-mem-die-limit 10000000 --dwz-max-die-limit 50000000 --remove-section .gnu.build.attributes -S debugsourcefiles.list /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f + /usr/lib/rpm/check-buildroot + /usr/lib/rpm/redhat/brp-ldconfig + /usr/lib/rpm/brp-compress + /usr/lib/rpm/redhat/brp-strip-lto /usr/bin/strip + /usr/lib/rpm/brp-strip-static-archive /usr/bin/strip + /usr/lib/rpm/redhat/brp-python-bytecompile '' 1 0 + /usr/lib/rpm/brp-python-hardlink + /usr/lib/rpm/redhat/brp-mangle-shebangs mangling shebang in /usr/bin/fips-finish-install from /bin/bash to #!/usr/bin/bash mangling shebang in /usr/bin/fips-mode-setup from /bin/bash to #!/usr/bin/bash Executing(%check): /bin/sh -e /var/tmp/rpm-tmp.ykEIyB + umask 022 + cd /builddir/build/BUILD + cd fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f + '[' RequiredRSASize == RequiredRSASize ']' + make ON_RHEL9=1 test ============================= test session starts ============================== platform linux -- Python 3.9.18, pytest-6.2.2, py-1.10.0, pluggy-0.13.1 -- /usr/bin/python3 cachedir: .pytest_cache rootdir: /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f, configfile: pytest.ini collecting ... collected 12 items python/cryptopolicies/alg_lists.py::cryptopolicies.alg_lists.earliest_occurrence PASSED [ 8%] python/cryptopolicies/alg_lists.py::cryptopolicies.alg_lists.glob PASSED [ 16%] python/cryptopolicies/alg_lists.py::cryptopolicies.alg_lists.max_dtls_version PASSED [ 25%] python/cryptopolicies/alg_lists.py::cryptopolicies.alg_lists.max_tls_version PASSED [ 33%] python/cryptopolicies/alg_lists.py::cryptopolicies.alg_lists.min_dtls_version PASSED [ 41%] python/cryptopolicies/alg_lists.py::cryptopolicies.alg_lists.min_tls_version PASSED [ 50%] python/cryptopolicies/cryptopolicies.py::cryptopolicies.cryptopolicies.ScopeSelector.__init__ PASSED [ 58%] python/cryptopolicies/cryptopolicies.py::cryptopolicies.cryptopolicies.ScopeSelector.matches PASSED [ 66%] python/cryptopolicies/cryptopolicies.py::cryptopolicies.cryptopolicies.ScopedPolicy PASSED [ 75%] python/cryptopolicies/cryptopolicies.py::cryptopolicies.cryptopolicies.parse_line PASSED [ 83%] python/cryptopolicies/cryptopolicies.py::cryptopolicies.cryptopolicies.parse_rhs PASSED [ 91%] python/cryptopolicies/cryptopolicies.py::cryptopolicies.cryptopolicies.preprocess_text PASSED [100%] ============================== 12 passed in 0.07s ============================== ============================= test session starts ============================== platform linux -- Python 3.9.18, pytest-6.2.2, py-1.10.0, pluggy-0.13.1 -- /usr/bin/python3 cachedir: .pytest_cache rootdir: /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f, configfile: pytest.ini collecting ... collected 45 items tests/unit/test_alg_lists.py::test_glob_alg_sanity PASSED [ 2%] tests/unit/test_alg_lists.py::test_glob_alg_globbing PASSED [ 4%] tests/unit/test_alg_lists.py::test_glob_alg_algorithm_empty PASSED [ 6%] tests/unit/test_alg_lists.py::test_glob_alg_algorithm_class_unknown PASSED [ 8%] tests/unit/test_alg_lists.py::test_min_versions PASSED [ 11%] tests/unit/test_alg_lists.py::test_max_versions PASSED [ 13%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_is_empty PASSED [ 15%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_not_found PASSED [ 17%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_smoke_broken PASSED [ 20%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_smoke_basic PASSED [ 22%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_smoke_subpolicy PASSED [ 24%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_smoke_several_subpolicies PASSED [ 26%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_compat_diamond_new_recommended PASSED [ 28%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_compat_diamond_old_recommended PASSED [ 31%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_compat_diamond_breaking1 PASSED [ 33%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_compat_diamond_breaking2 PASSED [ 35%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_sha1_in_dnssec PASSED [ 37%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_compat_to_enum PASSED [ 40%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_compat_scoped_ssh_etm_to_enum PASSED [ 42%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_prepend_order PASSED [ 44%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_no_duplicates PASSED [ 46%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_minver PASSED [ 48%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_maxver PASSED [ 51%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_to_string_empty PASSED [ 53%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_to_string_twisted PASSED [ 55%] tests/unit/test_parse_line.py::test_parse_line PASSED [ 57%] tests/unit/test_parse_line.py::test_parse_bad PASSED [ 60%] tests/unit/test_parse_rhs.py::test_parse_rhs PASSED [ 62%] tests/unit/test_preprocess_text.py::test_preprocess_text_basics PASSED [ 64%] tests/unit/test_preprocess_text.py::test_preprocess_text_compat PASSED [ 66%] tests/unit/test_preprocess_text.py::test_preprocess_text_compat_problematic PASSED [ 68%] tests/unit/test_preprocess_text.py::test_preprocess_text_compat_diamond_problem PASSED [ 71%] tests/unit/test_scope_selector.py::test_scope_selector_any PASSED [ 73%] tests/unit/test_scope_selector.py::test_scope_selector_tls PASSED [ 75%] tests/unit/test_scope_selector.py::test_scope_selector_nontls PASSED [ 77%] tests/unit/test_scope_selector.py::test_scope_selector_posglob PASSED [ 80%] tests/unit/test_scope_selector.py::test_scope_selector_negglob PASSED [ 82%] tests/unit/test_scope_selector.py::test_scope_selector_posmixed PASSED [ 84%] tests/unit/test_scope_selector.py::test_scope_selector_negmixed PASSED [ 86%] tests/unit/test_scope_selector.py::test_scope_selector_curly_brackets PASSED [ 88%] tests/unit/test_scope_selector.py::test_scope_selector_empty PASSED [ 91%] tests/unit/test_scope_selector.py::test_scope_selector_illegal_character PASSED [ 93%] tests/unit/test_scope_selector.py::test_scope_selector_comma PASSED [ 95%] tests/unit/test_scope_selector.py::test_scope_selector_unknown PASSED [ 97%] tests/unit/test_scope_selector.py::test_scope_selector_nomatch PASSED [100%] ============================== 45 passed in 0.13s ============================== python/build-crypto-policies.py --strict --test --flat policies tests/outputs gnutls[2]: Enabled GnuTLS 3.8.3 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel SHA was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-224 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmp2fop0qak mtime 1732347893 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: RSA is enabled for KX NSS-POLICY-INFO: DHE-RSA is enabled for KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for KX NSS-POLICY-INFO: ECDHE-RSA is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 16 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 12 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 4 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5 NSS-POLICY-INFO: NUMBER-OF-OTHER-KX: 4 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. gnutls[2]: Enabled GnuTLS 3.8.3 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel SHA was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmprr32mxa4 mtime 1732347893 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: DHE-RSA is enabled for KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for KX NSS-POLICY-INFO: ECDHE-RSA is enabled for KX NSS-POLICY-INFO: TLS-REQUIRE-EMS is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 15 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 5 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 11 NSS-POLICY-INFO: NUMBER-OF-ECC: 4 NSS-POLICY-INFO: NUMBER-OF-HASH: 4 NSS-POLICY-INFO: NUMBER-OF-MAC: 3 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 2 NSS-POLICY-INFO: NUMBER-OF-OTHER-KX: 4 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 8 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. gnutls[2]: Enabled GnuTLS 3.8.3 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel SHA was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpg5xm6oc4 mtime 1732347893 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: DHE-RSA is enabled for KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for KX NSS-POLICY-INFO: ECDHE-RSA is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 14 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 5 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 11 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 3 NSS-POLICY-INFO: NUMBER-OF-MAC: 3 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 2 NSS-POLICY-INFO: NUMBER-OF-OTHER-KX: 3 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 8 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. gnutls[2]: Enabled GnuTLS 3.8.3 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel SHA was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-224 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: marking hash SHAKE-128 as secure gnutls[2]: cfg: marking hash SHA1 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure gnutls[2]: cfg: marking signature RSA-SHA1 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA1 as secure for certs gnutls[2]: cfg: marking signature rsa-sha1 as secure for certs gnutls[2]: cfg: marking signature dsa-sha1 as secure for certs gnutls[2]: cfg: marking signature ecdsa-sha1 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpzs88etsu mtime 1732347893 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA1 is enabled for KX NSS-POLICY-INFO: SHA1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: RSA is enabled for KX NSS-POLICY-INFO: DHE-RSA is enabled for KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for KX NSS-POLICY-INFO: ECDHE-RSA is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 17 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 13 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 5 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5 NSS-POLICY-INFO: NUMBER-OF-OTHER-KX: 4 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. python/build-crypto-policies.py --strict --policy DEFAULT:SHA1 --test --flat policies tests/outputs gnutls[2]: Enabled GnuTLS 3.8.3 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel SHA was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-224 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: marking hash SHA1 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure gnutls[2]: cfg: marking signature RSA-SHA1 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA1 as secure for certs gnutls[2]: cfg: marking signature rsa-sha1 as secure for certs gnutls[2]: cfg: marking signature dsa-sha1 as secure for certs gnutls[2]: cfg: marking signature ecdsa-sha1 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpxj0_psv2 mtime 1732347893 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA1 is enabled for KX NSS-POLICY-INFO: SHA1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: RSA is enabled for KX NSS-POLICY-INFO: DHE-RSA is enabled for KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for KX NSS-POLICY-INFO: ECDHE-RSA is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 17 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 13 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 5 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5 NSS-POLICY-INFO: NUMBER-OF-OTHER-KX: 4 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. python/build-crypto-policies.py --strict --policy FIPS:OSPP --test --flat policies tests/outputs gnutls[2]: Enabled GnuTLS 3.8.3 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel SHA was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpjkczcyp0 mtime 1732347893 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: SECP384R1 is enabled for KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: DHE-RSA is enabled for KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for KX NSS-POLICY-INFO: ECDHE-RSA is enabled for KX NSS-POLICY-INFO: TLS-REQUIRE-EMS is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 12 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 4 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 8 NSS-POLICY-INFO: NUMBER-OF-ECC: 2 NSS-POLICY-INFO: NUMBER-OF-HASH: 3 NSS-POLICY-INFO: NUMBER-OF-MAC: 3 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 1 NSS-POLICY-INFO: NUMBER-OF-OTHER-KX: 4 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 4 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. python/build-crypto-policies.py --strict --policy FIPS:ECDHE-ONLY --test --flat policies tests/outputs gnutls[2]: Enabled GnuTLS 3.8.3 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel SHA was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpzlaf37t1 mtime 1732347893 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: ECDHE-ECDSA is enabled for KX NSS-POLICY-INFO: ECDHE-RSA is enabled for KX NSS-POLICY-INFO: TLS-REQUIRE-EMS is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 14 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 5 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 11 NSS-POLICY-INFO: NUMBER-OF-ECC: 4 NSS-POLICY-INFO: NUMBER-OF-HASH: 4 NSS-POLICY-INFO: NUMBER-OF-MAC: 3 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 2 NSS-POLICY-INFO: NUMBER-OF-OTHER-KX: 3 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 6 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. python/build-crypto-policies.py --strict --policy FIPS:NO-ENFORCE-EMS --test --flat policies tests/outputs gnutls[2]: Enabled GnuTLS 3.8.3 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel SHA was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmp745ihdpv mtime 1732347894 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: DHE-RSA is enabled for KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for KX NSS-POLICY-INFO: ECDHE-RSA is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 14 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 5 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 11 NSS-POLICY-INFO: NUMBER-OF-ECC: 4 NSS-POLICY-INFO: NUMBER-OF-HASH: 4 NSS-POLICY-INFO: NUMBER-OF-MAC: 3 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 2 NSS-POLICY-INFO: NUMBER-OF-OTHER-KX: 3 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 8 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. python/build-crypto-policies.py --strict --policy FUTURE:AD-SUPPORT --test --flat policies tests/outputs gnutls[2]: Enabled GnuTLS 3.8.3 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel SHA was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmp3605vf7q mtime 1732347894 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: DHE-RSA is enabled for KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for KX NSS-POLICY-INFO: ECDHE-RSA is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 14 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 5 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 11 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 3 NSS-POLICY-INFO: NUMBER-OF-MAC: 3 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 2 NSS-POLICY-INFO: NUMBER-OF-OTHER-KX: 3 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 8 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. python/build-crypto-policies.py --strict --policy LEGACY:AD-SUPPORT-LEGACY --test --flat policies tests/outputs gnutls[2]: Enabled GnuTLS 3.8.3 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel SHA was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-224 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: marking hash SHAKE-128 as secure gnutls[2]: cfg: marking hash SHA1 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure gnutls[2]: cfg: marking signature RSA-SHA1 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA1 as secure for certs gnutls[2]: cfg: marking signature rsa-sha1 as secure for certs gnutls[2]: cfg: marking signature dsa-sha1 as secure for certs gnutls[2]: cfg: marking signature ecdsa-sha1 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpj4w9xrep mtime 1732347894 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA1 is enabled for KX NSS-POLICY-INFO: SHA1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: RSA is enabled for KX NSS-POLICY-INFO: DHE-RSA is enabled for KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for KX NSS-POLICY-INFO: ECDHE-RSA is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 17 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 13 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 5 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5 NSS-POLICY-INFO: NUMBER-OF-OTHER-KX: 4 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. tests/openssl.pl Checking the OpenSSL configuration Checking policy DEFAULT TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES256-CCM:AES128-GCM-SHA256:AES128-CCM:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-CCM:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-CCM:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:PSK-AES256-CCM:PSK-AES128-GCM-SHA256:PSK-AES128-CCM:PSK-AES256-CBC-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA:DHE-PSK-AES256-GCM-SHA384:DHE-PSK-CHACHA20-POLY1305:DHE-PSK-AES256-CCM:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-CCM:DHE-PSK-AES256-CBC-SHA:DHE-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA:ECDHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:RSA-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:RSA-PSK-AES256-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA Checking policy DEFAULT:SHA1 TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES256-CCM:AES128-GCM-SHA256:AES128-CCM:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-CCM:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-CCM:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:PSK-AES256-CCM:PSK-AES128-GCM-SHA256:PSK-AES128-CCM:PSK-AES256-CBC-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA:DHE-PSK-AES256-GCM-SHA384:DHE-PSK-CHACHA20-POLY1305:DHE-PSK-AES256-CCM:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-CCM:DHE-PSK-AES256-CBC-SHA:DHE-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA:ECDHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:RSA-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:RSA-PSK-AES256-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA Checking policy EMPTY Checking policy FIPS TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-CCM:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-CCM:PSK-AES256-GCM-SHA384:PSK-AES256-CCM:PSK-AES128-GCM-SHA256:PSK-AES128-CCM:DHE-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-CCM:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-CCM Checking policy FIPS:ECDHE-ONLY TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM Checking policy FIPS:NO-ENFORCE-EMS TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-CCM:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-CCM:PSK-AES256-GCM-SHA384:PSK-AES256-CCM:PSK-AES128-GCM-SHA256:PSK-AES128-CCM:DHE-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-CCM:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-CCM Checking policy FIPS:OSPP TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384 Checking policy FUTURE TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-CCM:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-CCM:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:PSK-AES256-CCM:DHE-PSK-AES256-GCM-SHA384:DHE-PSK-CHACHA20-POLY1305:DHE-PSK-AES256-CCM:ECDHE-PSK-CHACHA20-POLY1305 Checking policy FUTURE:AD-SUPPORT TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-CCM:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-CCM:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:PSK-AES256-CCM:DHE-PSK-AES256-GCM-SHA384:DHE-PSK-CHACHA20-POLY1305:DHE-PSK-AES256-CCM:ECDHE-PSK-CHACHA20-POLY1305 Checking policy LEGACY TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES256-CCM:AES128-GCM-SHA256:AES128-CCM:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-CCM:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-CCM:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:PSK-AES256-CCM:PSK-AES128-GCM-SHA256:PSK-AES128-CCM:PSK-AES256-CBC-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA:DHE-PSK-AES256-GCM-SHA384:DHE-PSK-CHACHA20-POLY1305:DHE-PSK-AES256-CCM:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-CCM:DHE-PSK-AES256-CBC-SHA:DHE-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA:ECDHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:RSA-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:RSA-PSK-AES256-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA Checking policy LEGACY:AD-SUPPORT-LEGACY TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES256-CCM:AES128-GCM-SHA256:AES128-CCM:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-CCM:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-CCM:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:PSK-AES256-CCM:PSK-AES128-GCM-SHA256:PSK-AES128-CCM:PSK-AES256-CBC-SHA:PSK-AES128-CBC-SHA256:PSK-AES128-CBC-SHA:DHE-PSK-AES256-GCM-SHA384:DHE-PSK-CHACHA20-POLY1305:DHE-PSK-AES256-CCM:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-CCM:DHE-PSK-AES256-CBC-SHA:DHE-PSK-AES128-CBC-SHA256:DHE-PSK-AES128-CBC-SHA:ECDHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-AES256-CBC-SHA:ECDHE-PSK-AES128-CBC-SHA256:ECDHE-PSK-AES128-CBC-SHA:RSA-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:RSA-PSK-AES128-GCM-SHA256:RSA-PSK-AES256-CBC-SHA:RSA-PSK-AES128-CBC-SHA256:RSA-PSK-AES128-CBC-SHA tests/gnutls.pl Checking the GnuTLS configuration Checking policy DEFAULT Checking policy DEFAULT:SHA1 Checking policy EMPTY Checking policy FIPS Checking policy FIPS:ECDHE-ONLY Checking policy FIPS:NO-ENFORCE-EMS Checking policy FIPS:OSPP Checking policy FUTURE Checking policy FUTURE:AD-SUPPORT Checking policy LEGACY Checking policy LEGACY:AD-SUPPORT-LEGACY tests/nss.py Checking the NSS configuration Checking policy DEFAULT Checking policy DEFAULT:SHA1 Checking policy EMPTY Checking policy FIPS Checking policy FIPS:ECDHE-ONLY Checking policy FIPS:NO-ENFORCE-EMS Checking policy FIPS:OSPP Checking policy FUTURE Checking policy FUTURE:AD-SUPPORT Checking policy LEGACY Checking policy LEGACY:AD-SUPPORT-LEGACY tests/java.pl Checking the Java configuration Java ciphersuites per policy Checking policy DEFAULT TLS_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256 TLS_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_EMPTY_RENEGOTIATION_INFO_SCSV Checking policy DEFAULT:SHA1 TLS_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256 TLS_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_EMPTY_RENEGOTIATION_INFO_SCSV Checking policy EMPTY Checking policy FIPS TLS_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_EMPTY_RENEGOTIATION_INFO_SCSV Checking policy FIPS:ECDHE-ONLY TLS_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_EMPTY_RENEGOTIATION_INFO_SCSV Checking policy FIPS:NO-ENFORCE-EMS TLS_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_EMPTY_RENEGOTIATION_INFO_SCSV Checking policy FIPS:OSPP TLS_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_EMPTY_RENEGOTIATION_INFO_SCSV Checking policy FUTURE TLS_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256 TLS_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_EMPTY_RENEGOTIATION_INFO_SCSV Checking policy FUTURE:AD-SUPPORT TLS_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256 TLS_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_EMPTY_RENEGOTIATION_INFO_SCSV Checking policy LEGACY TLS_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256 TLS_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_EMPTY_RENEGOTIATION_INFO_SCSV Checking policy LEGACY:AD-SUPPORT-LEGACY TLS_AES_256_GCM_SHA384 TLS_AES_128_GCM_SHA256 TLS_CHACHA20_POLY1305_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_EMPTY_RENEGOTIATION_INFO_SCSV tests/krb5.py Skipping krb5 test; checker not found! top_srcdir=. tests/update-crypto-policies.sh Saving config for bind for policy DEFAULT Saving config for gnutls for policy DEFAULT Saving config for java for policy DEFAULT Saving config for javasystem for policy DEFAULT Saving config for krb5 for policy DEFAULT Saving config for libreswan for policy DEFAULT Saving config for libssh for policy DEFAULT Saving config for nss for policy DEFAULT Saving config for openssh for policy DEFAULT Saving config for opensshserver for policy DEFAULT Saving config for opensslcnf for policy DEFAULT Saving config for openssl_fips for policy DEFAULT Saving config for openssl for policy DEFAULT Saving config for bind for policy EMPTY Saving config for gnutls for policy EMPTY Saving config for java for policy EMPTY Saving config for javasystem for policy EMPTY Saving config for krb5 for policy EMPTY Saving config for libreswan for policy EMPTY Saving config for libssh for policy EMPTY Saving config for nss for policy EMPTY Saving config for openssh for policy EMPTY Saving config for opensshserver for policy EMPTY Saving config for opensslcnf for policy EMPTY Saving config for openssl_fips for policy EMPTY Saving config for openssl for policy EMPTY Saving config for bind for policy FIPS Saving config for gnutls for policy FIPS Saving config for java for policy FIPS Saving config for javasystem for policy FIPS Saving config for krb5 for policy FIPS Saving config for libreswan for policy FIPS Saving config for libssh for policy FIPS Saving config for nss for policy FIPS Saving config for openssh for policy FIPS Saving config for opensshserver for policy FIPS Saving config for opensslcnf for policy FIPS Saving config for openssl_fips for policy FIPS Saving config for openssl for policy FIPS Saving config for bind for policy FUTURE Saving config for gnutls for policy FUTURE Saving config for java for policy FUTURE Saving config for javasystem for policy FUTURE Saving config for krb5 for policy FUTURE Saving config for libreswan for policy FUTURE Saving config for libssh for policy FUTURE Saving config for nss for policy FUTURE Saving config for openssh for policy FUTURE Saving config for opensshserver for policy FUTURE Saving config for opensslcnf for policy FUTURE Saving config for openssl_fips for policy FUTURE Saving config for openssl for policy FUTURE Saving config for bind for policy LEGACY Saving config for gnutls for policy LEGACY Saving config for java for policy LEGACY Saving config for javasystem for policy LEGACY Saving config for krb5 for policy LEGACY Saving config for libreswan for policy LEGACY Saving config for libssh for policy LEGACY Saving config for nss for policy LEGACY Saving config for openssh for policy LEGACY Saving config for opensshserver for policy LEGACY Saving config for opensslcnf for policy LEGACY Saving config for openssl_fips for policy LEGACY Saving config for openssl for policy LEGACY tests/update-crypto-policies.sh: checking if default profile is properly selected Setting system policy to DEFAULT Note: System-wide crypto policies are applied on application start-up. It is recommended to restart the system for the change of policies to fully take place. tests/update-crypto-policies.sh: checking if current policy dump is equal to the original default profile PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement Setting system policy to CURRENT Note: System-wide crypto policies are applied on application start-up. It is recommended to restart the system for the change of policies to fully take place. tests/update-crypto-policies.sh: checking if switching to other profile works Setting system policy to LEGACY Note: System-wide crypto policies are applied on application start-up. It is recommended to restart the system for the change of policies to fully take place. tests/update-crypto-policies.sh: checking if local.d works Setting system policy to DEFAULT Note: System-wide crypto policies are applied on application start-up. It is recommended to restart the system for the change of policies to fully take place. tests/update-crypto-policies.sh: checking if --check works (test 1) The configured policy matches the generated policy The configured policy does NOT match the generated policy --check works as expected tests/update-crypto-policies.sh: checking if --check works (test 2) Setting system policy to DEFAULT Note: System-wide crypto policies are applied on application start-up. It is recommended to restart the system for the change of policies to fully take place. The configured policy matches the generated policy The configured policy does NOT match the generated policy --check works as expected cp -r tests/outputs output/alt python/build-crypto-policies.py --test --flat tests/alternative-policies output/alt /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:271: PolicySyntaxDeprecationWarning: option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning('protocol', /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:284: PolicySyntaxDeprecationWarning: option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(fr, to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:284: PolicySyntaxDeprecationWarning: option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(fr, to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:284: PolicySyntaxDeprecationWarning: option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(fr, to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:308: PolicySyntaxDeprecationWarning: option ssh_etm = 1 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-256 HMAC-SHA1 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512 and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and mac@krb5 = -HMAC-SHA1 and mac@krb5 = HMAC-SHA1+ and group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 and hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA*-224 SHAKE-256 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 ECDSA-SHA3-224 RSA-PSS-SHA3-224 RSA-SHA3-224 and cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CTR AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CTR AES-128-CBC and key_exchange = ECDHE RSA DHE DHE-RSA PSK DHE-PSK ECDHE-PSK RSA-PSK ECDHE-GSS DHE-GSS and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 2048 and min_dsa_size = 2048 and min_rsa_size = 2048 and sha1_in_certs = 0 and arbitrary_dh_groups = 1 and ssh_certs = 1 and etm@SSH = ANY and cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CBC and cipher@SSH = AES-256-GCM CHACHA20-POLY1305 AES-256-CTR AES-128-GCM AES-128-CTR and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(match_fr, match_to)) gnutls[2]: Enabled GnuTLS 3.8.3 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel SHA was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-224 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpplabqp8o mtime 1732347899 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: RSA is enabled for KX NSS-POLICY-INFO: DHE-RSA is enabled for KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for KX NSS-POLICY-INFO: ECDHE-RSA is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 16 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 12 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 4 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5 NSS-POLICY-INFO: NUMBER-OF-OTHER-KX: 4 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:271: PolicySyntaxDeprecationWarning: option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning('protocol', /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:284: PolicySyntaxDeprecationWarning: option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(fr, to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:284: PolicySyntaxDeprecationWarning: option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(fr, to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:284: PolicySyntaxDeprecationWarning: option ssh_group is deprecated, please rewrite your rules using group@SSH; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(fr, to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:284: PolicySyntaxDeprecationWarning: option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(fr, to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:308: PolicySyntaxDeprecationWarning: option sha1_in_dnssec = 0 is deprecated, please rewrite your rules using mac = and group = and hash = and sign = and cipher = and key_exchange = and protocol = and min_tls_version = 0 and min_dtls_version = 0 and min_dh_size = 0 and min_dsa_size = 0 and min_rsa_size = 0 and sha1_in_certs = 0 and hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1 and arbitrary_dh_groups = 0 and ssh_certs = 0 and ssh_etm = 0 and cipher@TLS = and cipher@SSH = and group@SSH = and protocol@IKE =; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(match_fr, match_to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:308: PolicySyntaxDeprecationWarning: option ssh_etm = 0 is deprecated, please rewrite your rules using mac = and group = and hash = and sign = and cipher = and key_exchange = and protocol = and min_tls_version = 0 and min_dtls_version = 0 and min_dh_size = 0 and min_dsa_size = 0 and min_rsa_size = 0 and sha1_in_certs = 0 and hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1 and arbitrary_dh_groups = 0 and ssh_certs = 0 and etm@SSH = DISABLE_ETM and cipher@TLS = and cipher@SSH = and group@SSH = and protocol@IKE =; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(match_fr, match_to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:308: PolicySyntaxDeprecationWarning: option sha1_in_dnssec = 0 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-* and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and group = SECP256R1 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 and hash = SHA2-256 SHA2-384 SHA2-512 SHA2-224 SHA3-256 SHA3-384 SHA3-512 SHAKE-256 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 and cipher = AES-256-* AES-128-* and cipher = -*-CBC and cipher@Kerberos = AES-256-CBC+ AES-128-CBC+ and key_exchange = ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 2048 and min_dsa_size = 2048 and min_rsa_size = 2048 and sha1_in_certs = 0 and hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1 and arbitrary_dh_groups = 1 and ssh_certs = 1 and ssh_etm = 1 and __ems = ENFORCE and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(match_fr, match_to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:308: PolicySyntaxDeprecationWarning: option ssh_etm = 1 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-* and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and group = SECP256R1 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 and hash = SHA2-256 SHA2-384 SHA2-512 SHA2-224 SHA3-256 SHA3-384 SHA3-512 SHAKE-256 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 and cipher = AES-256-* AES-128-* and cipher = -*-CBC and cipher@Kerberos = AES-256-CBC+ AES-128-CBC+ and key_exchange = ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 2048 and min_dsa_size = 2048 and min_rsa_size = 2048 and sha1_in_certs = 0 and hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1 and arbitrary_dh_groups = 1 and ssh_certs = 1 and etm@SSH = ANY and __ems = ENFORCE and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(match_fr, match_to)) gnutls[2]: Enabled GnuTLS 3.8.3 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel SHA was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpmff1v5o6 mtime 1732347899 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: DHE-RSA is enabled for KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for KX NSS-POLICY-INFO: ECDHE-RSA is enabled for KX NSS-POLICY-INFO: TLS-REQUIRE-EMS is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 15 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 5 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 11 NSS-POLICY-INFO: NUMBER-OF-ECC: 4 NSS-POLICY-INFO: NUMBER-OF-HASH: 4 NSS-POLICY-INFO: NUMBER-OF-MAC: 3 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 2 NSS-POLICY-INFO: NUMBER-OF-OTHER-KX: 4 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 8 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:271: PolicySyntaxDeprecationWarning: option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning('protocol', /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:284: PolicySyntaxDeprecationWarning: option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(fr, to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:284: PolicySyntaxDeprecationWarning: option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(fr, to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:284: PolicySyntaxDeprecationWarning: option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(fr, to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:308: PolicySyntaxDeprecationWarning: option sha1_in_dnssec = 0 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-256 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512 and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 and hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHAKE-256 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 and cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CTR AES-256-CBC and cipher@!Kerberos = -*-CBC and key_exchange = ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK ECDHE-GSS DHE-GSS and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 3072 and min_dsa_size = 3072 and min_rsa_size = 3072 and sha1_in_certs = 0 and hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1 and arbitrary_dh_groups = 1 and ssh_certs = 1 and ssh_etm = 1 and cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 and cipher@SSH = AES-256-GCM CHACHA20-POLY1305 AES-256-CTR and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(match_fr, match_to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:308: PolicySyntaxDeprecationWarning: option ssh_etm = 1 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-256 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512 and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 and hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHAKE-256 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 and cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CTR AES-256-CBC and cipher@!Kerberos = -*-CBC and key_exchange = ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK ECDHE-GSS DHE-GSS and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 3072 and min_dsa_size = 3072 and min_rsa_size = 3072 and sha1_in_certs = 0 and hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1 and arbitrary_dh_groups = 1 and ssh_certs = 1 and etm@SSH = ANY and cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 and cipher@SSH = AES-256-GCM CHACHA20-POLY1305 AES-256-CTR and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(match_fr, match_to)) gnutls[2]: Enabled GnuTLS 3.8.3 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel SHA was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpvnxu5hw2 mtime 1732347900 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: DHE-RSA is enabled for KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for KX NSS-POLICY-INFO: ECDHE-RSA is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 14 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 5 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 11 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 3 NSS-POLICY-INFO: NUMBER-OF-MAC: 3 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 2 NSS-POLICY-INFO: NUMBER-OF-OTHER-KX: 3 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 8 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:271: PolicySyntaxDeprecationWarning: option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning('protocol', /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:284: PolicySyntaxDeprecationWarning: option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(fr, to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:284: PolicySyntaxDeprecationWarning: option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(fr, to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:284: PolicySyntaxDeprecationWarning: option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(fr, to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:308: PolicySyntaxDeprecationWarning: option sha1_in_dnssec = 1 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-256 HMAC-SHA1 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512 and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and mac@krb5 = -HMAC-SHA1 and mac@krb5 = HMAC-SHA1+ and group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 FFDHE-1536 and hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA*-224 SHAKE-* SHA1 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 ECDSA-SHA3-224 RSA-PSS-SHA3-224 RSA-SHA3-224 ECDSA-SHA1 RSA-PSS-SHA1 RSA-SHA1 and cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CTR AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CTR AES-128-CBC and key_exchange = ECDHE RSA DHE DHE-RSA PSK DHE-PSK ECDHE-PSK RSA-PSK ECDHE-GSS DHE-GSS and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 2048 and min_dsa_size = 2048 and min_rsa_size = 2048 and sha1_in_certs = 1 and hash@DNSSec = SHA1+ and sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+ and arbitrary_dh_groups = 1 and ssh_certs = 1 and ssh_etm = 1 and cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CBC and cipher@SSH = AES-256-GCM CHACHA20-POLY1305 AES-256-CTR AES-256-CBC AES-128-GCM AES-128-CTR AES-128-CBC and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(match_fr, match_to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:308: PolicySyntaxDeprecationWarning: option ssh_etm = 1 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-256 HMAC-SHA1 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512 and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and mac@krb5 = -HMAC-SHA1 and mac@krb5 = HMAC-SHA1+ and group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 FFDHE-1536 and hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA*-224 SHAKE-* SHA1 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 ECDSA-SHA3-224 RSA-PSS-SHA3-224 RSA-SHA3-224 ECDSA-SHA1 RSA-PSS-SHA1 RSA-SHA1 and cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CTR AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CTR AES-128-CBC and key_exchange = ECDHE RSA DHE DHE-RSA PSK DHE-PSK ECDHE-PSK RSA-PSK ECDHE-GSS DHE-GSS and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 2048 and min_dsa_size = 2048 and min_rsa_size = 2048 and sha1_in_certs = 1 and hash@DNSSec = SHA1+ and sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+ and arbitrary_dh_groups = 1 and ssh_certs = 1 and etm@SSH = ANY and cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CBC and cipher@SSH = AES-256-GCM CHACHA20-POLY1305 AES-256-CTR AES-256-CBC AES-128-GCM AES-128-CTR AES-128-CBC and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(match_fr, match_to)) gnutls[2]: Enabled GnuTLS 3.8.3 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel SHA was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-224 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: marking hash SHAKE-128 as secure gnutls[2]: cfg: marking hash SHA1 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure gnutls[2]: cfg: marking signature RSA-SHA1 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA1 as secure for certs gnutls[2]: cfg: marking signature rsa-sha1 as secure for certs gnutls[2]: cfg: marking signature dsa-sha1 as secure for certs gnutls[2]: cfg: marking signature ecdsa-sha1 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpbz12eanp mtime 1732347900 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA1 is enabled for KX NSS-POLICY-INFO: SHA1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: RSA is enabled for KX NSS-POLICY-INFO: DHE-RSA is enabled for KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for KX NSS-POLICY-INFO: ECDHE-RSA is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 17 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 13 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 5 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5 NSS-POLICY-INFO: NUMBER-OF-OTHER-KX: 4 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. python/build-crypto-policies.py --policy DEFAULT:SHA1 --test --flat tests/alternative-policies output/alt /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:271: PolicySyntaxDeprecationWarning: option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning('protocol', /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:284: PolicySyntaxDeprecationWarning: option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(fr, to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:284: PolicySyntaxDeprecationWarning: option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(fr, to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:284: PolicySyntaxDeprecationWarning: option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(fr, to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:308: PolicySyntaxDeprecationWarning: option ssh_etm = 1 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-256 HMAC-SHA1 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512 and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and mac@krb5 = -HMAC-SHA1 and mac@krb5 = HMAC-SHA1+ and group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 and hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA*-224 SHAKE-256 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 ECDSA-SHA3-224 RSA-PSS-SHA3-224 RSA-SHA3-224 and cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CTR AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CTR AES-128-CBC and key_exchange = ECDHE RSA DHE DHE-RSA PSK DHE-PSK ECDHE-PSK RSA-PSK ECDHE-GSS DHE-GSS and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 2048 and min_dsa_size = 2048 and min_rsa_size = 2048 and sha1_in_certs = 0 and arbitrary_dh_groups = 1 and ssh_certs = 1 and etm@SSH = ANY and cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CBC and cipher@SSH = AES-256-GCM CHACHA20-POLY1305 AES-256-CTR AES-128-GCM AES-128-CTR and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(match_fr, match_to)) gnutls[2]: Enabled GnuTLS 3.8.3 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel SHA was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-224 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: marking hash SHA1 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure gnutls[2]: cfg: marking signature RSA-SHA1 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA1 as secure for certs gnutls[2]: cfg: marking signature rsa-sha1 as secure for certs gnutls[2]: cfg: marking signature dsa-sha1 as secure for certs gnutls[2]: cfg: marking signature ecdsa-sha1 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpue2z7jlh mtime 1732347900 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA1 is enabled for KX NSS-POLICY-INFO: SHA1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: RSA is enabled for KX NSS-POLICY-INFO: DHE-RSA is enabled for KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for KX NSS-POLICY-INFO: ECDHE-RSA is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 17 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 13 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 5 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5 NSS-POLICY-INFO: NUMBER-OF-OTHER-KX: 4 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. python/build-crypto-policies.py --policy FIPS:OSPP --test --flat tests/alternative-policies output/alt /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:271: PolicySyntaxDeprecationWarning: option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning('protocol', /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:284: PolicySyntaxDeprecationWarning: option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(fr, to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:308: PolicySyntaxDeprecationWarning: option sha1_in_dnssec = 0 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-* and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and group = SECP256R1 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 and hash = SHA2-256 SHA2-384 SHA2-512 SHA2-224 SHA3-256 SHA3-384 SHA3-512 SHAKE-256 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 and cipher = AES-256-* AES-128-* and cipher = -*-CBC and cipher@Kerberos = AES-256-CBC+ AES-128-CBC+ and key_exchange = ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 2048 and min_dsa_size = 2048 and min_rsa_size = 2048 and sha1_in_certs = 0 and hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1 and arbitrary_dh_groups = 1 and ssh_certs = 1 and ssh_etm = 1 and __ems = ENFORCE and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(match_fr, match_to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:308: PolicySyntaxDeprecationWarning: option ssh_etm = 1 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-* and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and group = SECP256R1 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 and hash = SHA2-256 SHA2-384 SHA2-512 SHA2-224 SHA3-256 SHA3-384 SHA3-512 SHAKE-256 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 and cipher = AES-256-* AES-128-* and cipher = -*-CBC and cipher@Kerberos = AES-256-CBC+ AES-128-CBC+ and key_exchange = ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 2048 and min_dsa_size = 2048 and min_rsa_size = 2048 and sha1_in_certs = 0 and hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1 and arbitrary_dh_groups = 1 and ssh_certs = 1 and etm@SSH = ANY and __ems = ENFORCE and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(match_fr, match_to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:284: PolicySyntaxDeprecationWarning: option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(fr, to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:284: PolicySyntaxDeprecationWarning: option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(fr, to)) gnutls[2]: Enabled GnuTLS 3.8.3 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel SHA was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpre0mxe1y mtime 1732347900 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: SECP384R1 is enabled for KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: DHE-RSA is enabled for KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for KX NSS-POLICY-INFO: ECDHE-RSA is enabled for KX NSS-POLICY-INFO: TLS-REQUIRE-EMS is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 12 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 4 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 8 NSS-POLICY-INFO: NUMBER-OF-ECC: 2 NSS-POLICY-INFO: NUMBER-OF-HASH: 3 NSS-POLICY-INFO: NUMBER-OF-MAC: 3 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 1 NSS-POLICY-INFO: NUMBER-OF-OTHER-KX: 4 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 4 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. python/build-crypto-policies.py --policy FIPS:ECDHE-ONLY --test --flat tests/alternative-policies output/alt /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:271: PolicySyntaxDeprecationWarning: option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning('protocol', /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:284: PolicySyntaxDeprecationWarning: option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(fr, to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:308: PolicySyntaxDeprecationWarning: option sha1_in_dnssec = 0 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-* and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and group = SECP256R1 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 and hash = SHA2-256 SHA2-384 SHA2-512 SHA2-224 SHA3-256 SHA3-384 SHA3-512 SHAKE-256 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 and cipher = AES-256-* AES-128-* and cipher = -*-CBC and cipher@Kerberos = AES-256-CBC+ AES-128-CBC+ and key_exchange = ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 2048 and min_dsa_size = 2048 and min_rsa_size = 2048 and sha1_in_certs = 0 and hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1 and arbitrary_dh_groups = 1 and ssh_certs = 1 and ssh_etm = 1 and __ems = ENFORCE and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(match_fr, match_to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:308: PolicySyntaxDeprecationWarning: option ssh_etm = 1 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-* and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and group = SECP256R1 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 and hash = SHA2-256 SHA2-384 SHA2-512 SHA2-224 SHA3-256 SHA3-384 SHA3-512 SHAKE-256 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 and cipher = AES-256-* AES-128-* and cipher = -*-CBC and cipher@Kerberos = AES-256-CBC+ AES-128-CBC+ and key_exchange = ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 2048 and min_dsa_size = 2048 and min_rsa_size = 2048 and sha1_in_certs = 0 and hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1 and arbitrary_dh_groups = 1 and ssh_certs = 1 and etm@SSH = ANY and __ems = ENFORCE and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(match_fr, match_to)) gnutls[2]: Enabled GnuTLS 3.8.3 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel SHA was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpd408i24x mtime 1732347900 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: ECDHE-ECDSA is enabled for KX NSS-POLICY-INFO: ECDHE-RSA is enabled for KX NSS-POLICY-INFO: TLS-REQUIRE-EMS is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 14 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 5 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 11 NSS-POLICY-INFO: NUMBER-OF-ECC: 4 NSS-POLICY-INFO: NUMBER-OF-HASH: 4 NSS-POLICY-INFO: NUMBER-OF-MAC: 3 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 2 NSS-POLICY-INFO: NUMBER-OF-OTHER-KX: 3 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 6 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. python/build-crypto-policies.py --policy FIPS:NO-ENFORCE-EMS --test --flat tests/alternative-policies output/alt /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:271: PolicySyntaxDeprecationWarning: option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning('protocol', /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:284: PolicySyntaxDeprecationWarning: option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(fr, to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:308: PolicySyntaxDeprecationWarning: option sha1_in_dnssec = 0 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-* and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and group = SECP256R1 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 and hash = SHA2-256 SHA2-384 SHA2-512 SHA2-224 SHA3-256 SHA3-384 SHA3-512 SHAKE-256 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 and cipher = AES-256-* AES-128-* and cipher = -*-CBC and cipher@Kerberos = AES-256-CBC+ AES-128-CBC+ and key_exchange = ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 2048 and min_dsa_size = 2048 and min_rsa_size = 2048 and sha1_in_certs = 0 and hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1 and arbitrary_dh_groups = 1 and ssh_certs = 1 and ssh_etm = 1 and __ems = ENFORCE and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(match_fr, match_to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:308: PolicySyntaxDeprecationWarning: option ssh_etm = 1 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-* and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and group = SECP256R1 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 and hash = SHA2-256 SHA2-384 SHA2-512 SHA2-224 SHA3-256 SHA3-384 SHA3-512 SHAKE-256 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 and cipher = AES-256-* AES-128-* and cipher = -*-CBC and cipher@Kerberos = AES-256-CBC+ AES-128-CBC+ and key_exchange = ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 2048 and min_dsa_size = 2048 and min_rsa_size = 2048 and sha1_in_certs = 0 and hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1 and arbitrary_dh_groups = 1 and ssh_certs = 1 and etm@SSH = ANY and __ems = ENFORCE and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(match_fr, match_to)) gnutls[2]: Enabled GnuTLS 3.8.3 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel SHA was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmp54g6aqaj mtime 1732347900 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: DHE-RSA is enabled for KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for KX NSS-POLICY-INFO: ECDHE-RSA is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 14 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 5 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 11 NSS-POLICY-INFO: NUMBER-OF-ECC: 4 NSS-POLICY-INFO: NUMBER-OF-HASH: 4 NSS-POLICY-INFO: NUMBER-OF-MAC: 3 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 2 NSS-POLICY-INFO: NUMBER-OF-OTHER-KX: 3 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 8 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. python/build-crypto-policies.py --policy FUTURE:AD-SUPPORT --test --flat tests/alternative-policies output/alt /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:271: PolicySyntaxDeprecationWarning: option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning('protocol', /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:284: PolicySyntaxDeprecationWarning: option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(fr, to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:284: PolicySyntaxDeprecationWarning: option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(fr, to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:284: PolicySyntaxDeprecationWarning: option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(fr, to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:308: PolicySyntaxDeprecationWarning: option sha1_in_dnssec = 0 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-256 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512 and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 and hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHAKE-256 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 and cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CTR AES-256-CBC and cipher@!Kerberos = -*-CBC and key_exchange = ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK ECDHE-GSS DHE-GSS and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 3072 and min_dsa_size = 3072 and min_rsa_size = 3072 and sha1_in_certs = 0 and hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1 and arbitrary_dh_groups = 1 and ssh_certs = 1 and ssh_etm = 1 and cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 and cipher@SSH = AES-256-GCM CHACHA20-POLY1305 AES-256-CTR and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(match_fr, match_to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:308: PolicySyntaxDeprecationWarning: option ssh_etm = 1 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-256 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512 and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 and hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHAKE-256 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 and cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CTR AES-256-CBC and cipher@!Kerberos = -*-CBC and key_exchange = ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK ECDHE-GSS DHE-GSS and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 3072 and min_dsa_size = 3072 and min_rsa_size = 3072 and sha1_in_certs = 0 and hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1 and arbitrary_dh_groups = 1 and ssh_certs = 1 and etm@SSH = ANY and cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 and cipher@SSH = AES-256-GCM CHACHA20-POLY1305 AES-256-CTR and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(match_fr, match_to)) gnutls[2]: Enabled GnuTLS 3.8.3 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel SHA was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmporvyj2qx mtime 1732347900 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: DHE-RSA is enabled for KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for KX NSS-POLICY-INFO: ECDHE-RSA is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 14 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 5 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 11 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 3 NSS-POLICY-INFO: NUMBER-OF-MAC: 3 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 2 NSS-POLICY-INFO: NUMBER-OF-OTHER-KX: 3 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 8 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. python/build-crypto-policies.py --policy LEGACY:AD-SUPPORT-LEGACY --test --flat tests/alternative-policies output/alt /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:271: PolicySyntaxDeprecationWarning: option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning('protocol', /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:284: PolicySyntaxDeprecationWarning: option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(fr, to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:284: PolicySyntaxDeprecationWarning: option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(fr, to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:284: PolicySyntaxDeprecationWarning: option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(fr, to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:308: PolicySyntaxDeprecationWarning: option sha1_in_dnssec = 1 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-256 HMAC-SHA1 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512 and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and mac@krb5 = -HMAC-SHA1 and mac@krb5 = HMAC-SHA1+ and group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 FFDHE-1536 and hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA*-224 SHAKE-* SHA1 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 ECDSA-SHA3-224 RSA-PSS-SHA3-224 RSA-SHA3-224 ECDSA-SHA1 RSA-PSS-SHA1 RSA-SHA1 and cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CTR AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CTR AES-128-CBC and key_exchange = ECDHE RSA DHE DHE-RSA PSK DHE-PSK ECDHE-PSK RSA-PSK ECDHE-GSS DHE-GSS and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 2048 and min_dsa_size = 2048 and min_rsa_size = 2048 and sha1_in_certs = 1 and hash@DNSSec = SHA1+ and sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+ and arbitrary_dh_groups = 1 and ssh_certs = 1 and ssh_etm = 1 and cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CBC and cipher@SSH = AES-256-GCM CHACHA20-POLY1305 AES-256-CTR AES-256-CBC AES-128-GCM AES-128-CTR AES-128-CBC and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(match_fr, match_to)) /builddir/build/BUILD/fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f/python/cryptopolicies/cryptopolicies.py:308: PolicySyntaxDeprecationWarning: option ssh_etm = 1 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-256 HMAC-SHA1 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512 and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and mac@krb5 = -HMAC-SHA1 and mac@krb5 = HMAC-SHA1+ and group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 FFDHE-1536 and hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA*-224 SHAKE-* SHA1 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 ECDSA-SHA3-224 RSA-PSS-SHA3-224 RSA-SHA3-224 ECDSA-SHA1 RSA-PSS-SHA1 RSA-SHA1 and cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CTR AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CTR AES-128-CBC and key_exchange = ECDHE RSA DHE DHE-RSA PSK DHE-PSK ECDHE-PSK RSA-PSK ECDHE-GSS DHE-GSS and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 2048 and min_dsa_size = 2048 and min_rsa_size = 2048 and sha1_in_certs = 1 and hash@DNSSec = SHA1+ and sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+ and arbitrary_dh_groups = 1 and ssh_certs = 1 and etm@SSH = ANY and cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CBC and cipher@SSH = AES-256-GCM CHACHA20-POLY1305 AES-256-CTR AES-256-CBC AES-128-GCM AES-128-CTR AES-128-CBC and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement warnings.warn(PolicySyntaxDeprecationWarning(match_fr, match_to)) gnutls[2]: Enabled GnuTLS 3.8.3 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel SHA was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-224 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: marking hash SHAKE-128 as secure gnutls[2]: cfg: marking hash SHA1 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure gnutls[2]: cfg: marking signature RSA-SHA1 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA1 as secure for certs gnutls[2]: cfg: marking signature rsa-sha1 as secure for certs gnutls[2]: cfg: marking signature dsa-sha1 as secure for certs gnutls[2]: cfg: marking signature ecdsa-sha1 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpvgaymv52 mtime 1732347901 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA1 is enabled for KX NSS-POLICY-INFO: SHA1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: RSA is enabled for KX NSS-POLICY-INFO: DHE-RSA is enabled for KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for KX NSS-POLICY-INFO: ECDHE-RSA is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 17 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 13 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 5 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5 NSS-POLICY-INFO: NUMBER-OF-OTHER-KX: 4 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. + RPM_EC=0 ++ jobs -p + exit 0 Processing files: crypto-policies-20240202-1.git283706d.el9.noarch Executing(%license): /bin/sh -e /var/tmp/rpm-tmp.WecM0I + umask 022 + cd /builddir/build/BUILD + cd fedora-crypto-policies-283706d-283706dbc258f4ac0b19b3291bc18f9b691b222f + LICENSEDIR=/builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/licenses/crypto-policies + export LC_ALL=C + LC_ALL=C + export LICENSEDIR + /usr/bin/mkdir -p /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/licenses/crypto-policies + cp -pr COPYING.LESSER /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch/usr/share/licenses/crypto-policies + RPM_EC=0 ++ jobs -p + exit 0 warning: absolute symlink: /etc/crypto-policies/back-ends/bind.config -> /usr/share/crypto-policies/DEFAULT/bind.txt warning: absolute symlink: /etc/crypto-policies/back-ends/gnutls.config -> /usr/share/crypto-policies/DEFAULT/gnutls.txt warning: absolute symlink: /etc/crypto-policies/back-ends/java.config -> /usr/share/crypto-policies/DEFAULT/java.txt warning: absolute symlink: /etc/crypto-policies/back-ends/javasystem.config -> /usr/share/crypto-policies/DEFAULT/javasystem.txt warning: absolute symlink: /etc/crypto-policies/back-ends/krb5.config -> /usr/share/crypto-policies/DEFAULT/krb5.txt warning: absolute symlink: /etc/crypto-policies/back-ends/libreswan.config -> /usr/share/crypto-policies/DEFAULT/libreswan.txt warning: absolute symlink: /etc/crypto-policies/back-ends/libssh.config -> /usr/share/crypto-policies/DEFAULT/libssh.txt warning: absolute symlink: /etc/crypto-policies/back-ends/nss.config -> /usr/share/crypto-policies/DEFAULT/nss.txt warning: absolute symlink: /etc/crypto-policies/back-ends/openssh.config -> /usr/share/crypto-policies/DEFAULT/openssh.txt warning: absolute symlink: /etc/crypto-policies/back-ends/opensshserver.config -> /usr/share/crypto-policies/DEFAULT/opensshserver.txt warning: absolute symlink: /etc/crypto-policies/back-ends/openssl.config -> /usr/share/crypto-policies/DEFAULT/openssl.txt warning: absolute symlink: /etc/crypto-policies/back-ends/openssl_fips.config -> /usr/share/crypto-policies/DEFAULT/openssl_fips.txt warning: absolute symlink: /etc/crypto-policies/back-ends/opensslcnf.config -> /usr/share/crypto-policies/DEFAULT/opensslcnf.txt Provides: config(crypto-policies) = 20240202-1.git283706d.el9 crypto-policies = 20240202-1.git283706d.el9 Requires(rpmlib): rpmlib(BuiltinLuaScripts) <= 4.2.2-1 rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PartialHardlinkSets) <= 4.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 Conflicts: gnutls < 3.7.6-22 libreswan < 3.28 nss < 3.90.0 openssh < 8.7p1-24 openssl < 1:3.0.1-10 Processing files: crypto-policies-scripts-20240202-1.git283706d.el9.noarch Provides: crypto-policies-scripts = 20240202-1.git283706d.el9 fips-mode-setup = 20240202-1.git283706d.el9 Requires(interp): /bin/sh Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PartialHardlinkSets) <= 4.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 Requires(posttrans): /bin/sh Requires: /usr/bin/bash /usr/bin/python3 /usr/bin/sh Recommends: (grubby if kernel) Checking for unpackaged file(s): /usr/lib/rpm/check-files /builddir/build/BUILDROOT/crypto-policies-20240202-1.git283706d.el9.noarch Wrote: /builddir/build/RPMS/crypto-policies-20240202-1.git283706d.el9.noarch.rpm Wrote: /builddir/build/RPMS/crypto-policies-scripts-20240202-1.git283706d.el9.noarch.rpm Child return code was: 0