Segurança

Fedora Linux 36 comes with OpenSSL 3.0 as the primary OpenSSL package. It brings support for Crypto Providers interface. For more information on migrating from previous versions of OpenSSL, see the upstream Migration Guide.

Users that do not want use authselect to manage their nsswitch and PAM configuration must explicitly opt-out by calling authselect opt-out or removing /etc/authselect/authselect.conf. If you do not opt out, and make any changes to configuration generated by authselect without using the tool itself, any subsequent calls to authselect will overwrite your changes again.

This change is necessary to ensure authselect works Fedora CoreOS and other system using rpm-ostree.

Beginning in Fedora Linux 36, GnuTLS switches to an allowlist-based configuration method and offers an API to adjust system defaults for specific applications.

The Keylime package has been split into role-specific subpackages (agent, registrar, verifier, and admin components). This makes it easier to deploy the Keylime agent in Fedora IoT and CoreOS spins, which in turn enables remote attestation without installing Keylime’s full dependencies.

Keylime now also allows the use of the alternative agent implementation written in Rust, which will eventually be preferred over the existing Python implementation in future releases.