Security

The following security related features and functionalities are deprecated in Oracle Linux 10.

Scap-Workbench

The scap-workbench package is removed.

Oscap-Anaconda-Addon

The oscap-anaconda-addon is removed.

DSA and SEED Algorithms

The DSA and SEED algorithms are removed from the Network Security Services (NSS) cryptographic library.

Fips-Mode-Setup

The fips-mode-setup command is removed.

/etc/system-fips

Support for indicating FIPS mode through the /etc/system-fips file is removed.

TLS HeartBeat

Support for the HeartBeat extension in TLS is removed.

SRP Authentication

Authentication that uses Secure Remote Password protocol (SRP) in TLS is removed.

Keylime HTTP

The Keylime components no longer support the HTTP protocol for revocation notification webhooks.

DEFAULT Cryptographic Policy

TLS ciphers that use the RSA key exchange are no longer accepted in the DEFAULT system-wide cryptographic policy.

Ca-Certificates Trust Store

The /etc/pki/tls/certs trust store is converted to a different format.

LEGACY Cryptographic Policy

The LEGACY system-wide cryptographic policy no longer allows creating or verifying signatures that use SHA-1 in TLS contexts.

Pam_Ssh_Agent_Auth

The pam_ssh_agent_auth package is removed.

OpenSSL SHA-1 in TLS

OpenSSL does not accept the SHA-1 algorithm at SECLEVEL=2 in TLS.

Stunnel OpenSSL ENGINE API

The stunnel TLS offloading and load-balancing proxy no longer supports the previously deprecated OpenSSL ENGINE API.

OpenSSL Engines

OpenSSL Engines are removed from upstream.

Libsss_Simpleifp Subpackage

The libsss_simpleifp subpackage is removed.

SSSD Files Provider

The SSSD files provider is removed.

Ad-Allow-Remote-Domain-Local-Groups Option

The ad_allow_remote_domain_local_groups option is removed from SSSD.

Reconnection_Retries Option

The reconnection_retries option is removed from the sssd.conf file in SSSD.