Security

Post-Quantum Cryptography Enabled by Default in System-Wide Crypto Policies

Oracle Linux 10.1 system-wide cryptographic policies now enable post-quantum (PQ) cryptography algorithms by default in all predefined policy sets.

Notable changes include:

Hybrid Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) and pure Module-Lattice-Based Digital Signature Standard (ML-DSA) PQ cryptographic algorithms are enabled in LEGACY, DEFAULT, and FUTURE policies with the highest priorities.
You can use the NO-PQ subpolicy to disable the PQC algorithms.
The TEST-PQ subpolicy can be used to enable pure ML-KEM in OpenSSL.
The FIPS cryptographic policy enables hybrid ML-KEM and pure ML-DSA PQ cryptographic algorithms.
OpenSSL group selection give PQ groups higher priority than classical ones. Disable all PQ groups to revert to previous behavior.
The PQC algorithms are enabled for the Sequoia PGP tool in all policies.
ML-DSA algorithms are enabled for GnuTLS TLS connections by default, and you can control them through the MLDSA44, MLDSA65, and MLDSA87 values.
The ML-DSA-44, ML-DSA-65, and ML-DSA-87 PQC algorithms are enabled for NSS TLS connections in all cryptographic policies.
The mlkem768x25519, secp256r1mlkem768, and secp384r1mlkem1024 hybrid ML-KEM groups are enabled for NSS TLS negotiations.

AD-SUPPORT-LEGACY Cryptography Subpolicy Re-Added

The AD-SUPPORT-LEGACY cryptographic subpolicy is restored in Oracle Linux 10.1 for compatibility with legacy Active Directory environments that require RC4 encryption.

`openssl` Updated to Version 3.5

With Oracle Linux 10.1, OpenSSL is updated to version 3.5 and includes ML-KEM, ML-DSA, SLH-DSA, QUIC transport, and additional post-quantum and modern cryptography features.

You can now improve security for TLS connections and cryptographic operations in Oracle Linux environments, preparing systems for a quantum-safe future.

See https://github.com/openssl/openssl/blob/openssl-3.5/CHANGES.md#openssl-35 for more information.

OpenSSL SSLKEYLOGFILE Environment Variable For Debugging

With Oracle Linux 10.1, use the SSLKEYLOGFILE environment variable to instruct OpenSSL to log TLS connection secrets to a file.

Caution:

Only enable this feature in test or debug environments. Logging key material can introduce security risks.

OpenSSL 3.5 Uses Standard Private Key Format for ML-KEM and ML-DSA

Oracle Linux 10.1 requires ML-KEM and ML-DSA private keys to use the standard format in OpenSSL 3.5. Convert old keys using openssl pkcs8.

For example, use the following command to convert an ML-KEM key.

openssl pkcs8 -in mlkem.key -nocrypt -topk8 -out mlkem.new.key

Verify that the newly generated key is valid and contains the same content as the original key:

diff <(openssl pkey -in mlkem.new.key -text -noout) <(openssl pkey -in mlkem.key -text -noout)

The same approach applies to converting and verifying an ML-DSA key.

NSS Updated to 3.112

With Oracle Linux 10.1, the NSS cryptographic toolkit packages are updated to upstream version 3.112 with many improvements and fixes.

See https://firefox-source-docs.mozilla.org/security/nss/releases/index.html for more information.

Notable changes include:

This update adds support for the Module-Lattice-Based Digital Signature Algorithm (ML-DSA), a post-quantum cryptography (PQC) standard.
You can take advantage of hybrid SSL support with the MLKEM1024 key encapsulation mechanism.

`libreswan` Updated to Version 5.3

The libreswan IPsec implementation is updated to version 5.3, delivering bug fixes and feature improvements.

See https://download.libreswan.org/CHANGES for more information.

`gnutls` Updated to Version 3.8.10

The gnutls package is updated to version 3.8.10, adding certificate compression, expanded ML-DSA algorithm support, and support for PKCS#11 module overrides.

See https://lists.gnupg.org/pipermail/gnutls-help/2025-July/004883.html for more information.

Certificate compression options and algorithms can now be set with cert-compression-alg configuration option in the gnutls priority file.
TLS X.509 certificates with ML-DSA keys for TLS 1.3. ML-DSA signature algorithms, ML-DSA-44, ML-DSA-65, and ML-DSA-87, can digitally sign TLS handshake messages.
PKCS#11 provider override as tech preview. Use the [provider] section in the system-wide config to specify the path and pin for the module.

Sequoia Updated With OpenPGP V6 Support

The Sequoia tools in Oracle Linux 10.1, sequioa-sq and sequioa-sqv, handle post-quantum cryptography keys, enabling quantum-resistant digital signatures. Also, the rpm-sequoia package can verify RPM packages with post-quantum cryptographic algorithms and can now verify verification of OpenPGP v6 signatures when running the rpm -Kv command.

For example, you can generate an ML-DSA key using Sequoia as follows:

sq key generate --name "Test key" --own-key --cipher-suite mldsa65 --profile rfc9580
sq key list
 - A3C077C3A6A6067E7B457DDCF7E80097AC929B341C8499841A3ACFB4342A81FF
   - user ID: Test key (authenticated)
[...]

To sign an RPM using Sequoia keys, first update the /etc/rpm/macros with the Sequoia RPM signing macro.

sudo cp /usr/share/doc/rpm/macros.rpmsign-sequoia /etc/rpm
cat /etc/rpm/macros
%_gpg_name A3C077C3A6A6067E7B457DDCF7E80097AC929B341C8499841A3ACFB4342A81FF

rpmsign --rpmv6 --resign wget-1.24.5-5.el10.x86_64.rpm
wget-1.24.5-5.el10.x86_64.rpm:

To verify an RPM package and view the OpenPGP V6 signature:

rpm -Kv wget-1.24.5-5.el10.x86_64.rpm
wget-1.24.5-5.el10.x86_64.rpm:
    Header V6 ML-DSA-65+Ed25519/SHA512 Signature, key ID 250ac5d3: OK
    Header SHA256 digest: OK
    Header SHA1 digest: OK
    Payload SHA256 digest: OK
    MD5 digest: OK

SELinux Policy Updated to Version 42.1

SELinux policy packages are updated to version 42.1, delivering multiple improvements and fixes, including added types for systemd generators.

SELinux `-extra` Policy Modules for EPEL Moved to CRB Repository

Policy modules only used for EPEL packages have been moved from selinux-policy to selinux-policy-targeted-extra and selinux-policy-mls-extra in the CodeReady Linux Builder repository, improving policy management and automatic EPEL enablement.

SELinux Permissive Mode Removed Services

SELinux types for gnome_remote_desktop_t, pcmsensor_t, and samba_bgqd_t are now enabled in enforcing mode, improving security for these services. Previously, these services were configured to run in permissive mode.

SELinux Policy Updated for `qgs` Daemon

The SELinux policy adds a new qgs_t type and access rules for the qgs daemon, which lets the daemon operate securely in TDX confidential VM environments.

With these rules, SELinux can control access for qgs in Oracle Linux, strengthening security for confidential computing deployments.

SELinux Policy Confines Additional Services

SELinux policy now confines switcheroo-control and tuned-ppd services, removing their unconfined_service_t label and improving system security.

`setroubleshoot-server` No Longer Requires Initscripts

The setroubleshoot-server SELinux diagnostic tool no longer uses /sbin/service in its scriptlets and instead interacts directly with auditctl, simplifying dependencies.

SCAP Security Guide Updated to Version 0.1.78

The SCAP Security Guide (SSG) packages are updated to the upstream version 0.1.78 and provide enhancements and bug fixes such as the following:

Oracle Linux 9 stig and stig_gui profiles are aligned with DISA STIG for Oracle Linux 9 V1R2.

The auditd_freq rule correctly honors the XCCDF variable.
Added support for drop-in files to systemd coredump rules.
Rules allow white spaces around the equal sign in systemd configuration.
Improved detection of the retry option in password complexity.

OpenSSH Ignores Invalid RSA Hostkeys in `known_hosts`

OpenSSH is updated to ignore RSA bad hostkeys in known_hosts that are invalid because of an unsupported length. Instead of failing, the SSH connection proceeds and uses valid keys instead.

`fips-provider-next` Package Added

The fips-provider-next package introduces the next version of the FIPS provider for OpenSSL. This package might be submitted to the National Institute of Standards and Technology (NIST) for future validation. The openssl-fips-provider remains the validated FIPS provider.

To switch to the fips-provider-next, run the following command:

sudo dnf swap openssl-fips-provider fips-provider-next

The fips-provider-next package is available as a technical preview.

`auditd` Includes Cron-Based Log Rotation Example

Oracle Linux 10.1 includes auditd.cron to help set up time-based auditd log rotation. This provides administrators with a clear, documented example configuration for rotating audit logs by schedule.

`openCryptoki` Updated to Version 3.25.0

Version 3.25.0 of the openCryptoki packages is now available.

See https://github.com/opencryptoki/opencryptoki/releases/tag/v3.25.0 for more information.

Security

Post-Quantum Cryptography Enabled by Default in System-Wide Crypto Policies

AD-SUPPORT-LEGACY Cryptography Subpolicy Re-Added

openssl Updated to Version 3.5

OpenSSL SSLKEYLOGFILE Environment Variable For Debugging

OpenSSL 3.5 Uses Standard Private Key Format for ML-KEM and ML-DSA

NSS Updated to 3.112

libreswan Updated to Version 5.3

gnutls Updated to Version 3.8.10

Sequoia Updated With OpenPGP V6 Support

SELinux Policy Updated to Version 42.1

SELinux -extra Policy Modules for EPEL Moved to CRB Repository

SELinux Permissive Mode Removed Services

SELinux Policy Updated for qgs Daemon

SELinux Policy Confines Additional Services

setroubleshoot-server No Longer Requires Initscripts

SCAP Security Guide Updated to Version 0.1.78

OpenSSH Ignores Invalid RSA Hostkeys in known_hosts

fips-provider-next Package Added

auditd Includes Cron-Based Log Rotation Example

openCryptoki Updated to Version 3.25.0