Chapter 11. Security


TLS 1.2 support added to all system components

With the addition of TLS 1.2 support to the GnuTLS component, Red Hat Enterprise Linux 6 offers complete support for TLS 1.2 in the shipped security libraries: OpenSSL, NSS, and GnuTLS. Several modern standards such as PCI-DSS v3.1 recommend the latest TLS protocol, which is currently TLS 1.2. This addition allows you to use Red Hat Enterprise Linux 6 with future revisions of security standards, which may require TLS 1.2 support.
For more information about the cryptographic changes in Red Hat Enterprise Linux 6, see this article on the Red Hat Customer Portal: https://access.redhat.com/blogs/766093/posts/2787271. (BZ#1339222)

OpenSCAP 1.2.13 is NIST certified

OpenSCAP 1.2.13 has been certified by the National Institute of Standards and Technology’s (NIST) Security Content Automation Protocol (SCAP) 1.2 in the Authenticated Configuration Scanner category with the Common Vulnerabilities and Exposures (CVE) option. OpenSCAP provides a library that can parse and evaluate each component of the SCAP standard. This makes creating new SCAP tools convenient. Also, OpenSCAP offers a multi-purpose tool designed to format content into documents or scan a system based on this content. (BZ#1364207)

vsftpd now uses TLS 1.2 by default

Users of the Very Secure File Transfer Protocol (FTP) daemon (vsftpd) can select a specific version of the TLS protocol up to 1.2. TLS 1.2 has been enabled by default to bring the security of vsftpd to the same level as the same package in Red Hat Enterprise Linux 7. New default ciphers specific to TLS 1.2 have been added: ECDHE-RSA-AES256-GCM-SHA384 and ECDHE-ECDSA-AES256-GCM-SHA384. These changes do not break existing configurations. (BZ#1350724)

auditd now supports incremental_async

The audit daemon now supports a new flush technique called incremental_async. This new mode significantly improves the audit daemon's logging performance while maintaining short flush intervals for security. (BZ#1369249)
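
The following check is an added example, not part of the original release notes or of the audit package. It reads the flush and freq keywords from auditd.conf text and reports settings that weaken how often audit records reach disk; the sample configuration is constructed, and the names parse_conf, check_flush and the MAX_FREQ limit are assumptions made for illustration.

```python
import re

# Values the flush keyword accepts according to auditd.conf(5).
FLUSH_MODES = {"none", "incremental", "incremental_async", "data", "sync"}
MAX_FREQ = 100  # assumed site policy limit, not a value from the release notes

# Constructed sample configuration, for illustration only.
SAMPLE_CONF = """\
# constructed sample of /etc/audit/auditd.conf
log_file = /var/log/audit/audit.log
flush = INCREMENTAL_ASYNC
freq = 50
"""

def parse_conf(text):
    """Parse 'keyword = value' lines into a dict keyed by lower-cased keyword."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        match = re.match(r"^(\w+)\s*=\s*(.*)$", line)
        if match:
            settings[match.group(1).lower()] = match.group(2).strip()
    return settings

def check_flush(text, max_freq=MAX_FREQ):
    """Return findings about the flush policy; an empty list means no findings."""
    conf = parse_conf(text)
    mode = conf.get("flush", "").lower()  # compare the mode case-insensitively
    if not mode:
        return ["flush is not set; the daemon's built-in default applies"]
    if mode not in FLUSH_MODES:
        return ["unknown flush mode: %s" % mode]
    findings = []
    if mode == "none":
        findings.append("flush = none: no special effort is made to flush records to disk")
    elif mode == "incremental":
        findings.append("flush = incremental: incremental_async flushes asynchronously")
    if mode in ("incremental", "incremental_async"):
        freq = conf.get("freq", "")
        if not freq.isdigit():
            findings.append("freq is missing or not a number")
        elif int(freq) > max_freq:
            findings.append("freq = %s exceeds the policy limit of %d" % (freq, max_freq))
    return findings

if __name__ == "__main__":
    print(check_flush(SAMPLE_CONF) or "flush policy OK")
```

The freq keyword sets how many records are written before an explicit flush, so a large value lengthens the window in which records exist only in memory.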

scap-security-guide now supports ComputeNode

The scap-security-guide project now supports scanning of the ComputeNode variant of Red Hat Enterprise Linux and the scap-security-guide package is also distributed in the relevant channel. (BZ#1311491)

rsyslog7 now enables TLS 1.2

With this update, the rsyslog7 multi-threaded syslog daemon explicitly enables TLS 1.2 in the GnuTLS component. (BZ#1323199)

© 2024 Red Hat, Inc.