Mock Version: 5.5
Mock Version: 5.5
Mock Version: 5.5
ENTER ['do_with_status'](['bash', '--login', '-c', '/usr/bin/rpmbuild -bs --noclean --target noarch --nodeps /builddir/build/SPECS/crypto-policies.spec'], chrootPath='/var/lib/mock/f41-build-51679045-6184813/root'env={'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;<mock-chroot>\\007"', 'PS1': '<mock-chroot> \\s-\\v\\$ ', 'LANG': 'C.UTF-8'}shell=Falselogger=<mockbuild.trace_decorator.getLog object at 0x3ffb764f170>timeout=201600uid=1000gid=425user='mockbuild'nspawn_args=['--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.kaiyx63a:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11']unshare_net=TrueprintOutput=False)
Using nspawn with args ['--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.kaiyx63a:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11']
Executing command: ['/usr/bin/systemd-nspawn', '-q', '-M', '2792731fa87f43cab496462a6f2896fb', '-D', '/var/lib/mock/f41-build-51679045-6184813/root', '-a', '-u', 'mockbuild', '--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.kaiyx63a:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11', '--console=pipe', '--setenv=TERM=vt100', '--setenv=SHELL=/bin/bash', '--setenv=HOME=/builddir', '--setenv=HOSTNAME=mock', '--setenv=PATH=/usr/bin:/bin:/usr/sbin:/sbin', '--setenv=PROMPT_COMMAND=printf "\\033]0;<mock-chroot>\\007"', '--setenv=PS1=<mock-chroot> \\s-\\v\\$ ', '--setenv=LANG=C.UTF-8', '--resolv-conf=off', 'bash', '--login', '-c', '/usr/bin/rpmbuild -bs --noclean --target noarch --nodeps /builddir/build/SPECS/crypto-policies.spec'] with env {'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;<mock-chroot>\\007"', 'PS1': '<mock-chroot> \\s-\\v\\$ ', 'LANG': 'C.UTF-8', 'SYSTEMD_NSPAWN_TMPFS_TMP': '0', 'SYSTEMD_SECCOMP': '0'} and shell False
Building target platforms: noarch
Building for target noarch
setting SOURCE_DATE_EPOCH=1716249600
Wrote: /builddir/build/SRPMS/crypto-policies-20240521-1.gitf71d135.fc41.src.rpm
Child return code was: 0
ENTER ['do_with_status'](['bash', '--login', '-c', '/usr/bin/rpmbuild -bb --noclean --target noarch --nodeps /builddir/build/SPECS/crypto-policies.spec'], chrootPath='/var/lib/mock/f41-build-51679045-6184813/root'env={'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;<mock-chroot>\\007"', 'PS1': '<mock-chroot> \\s-\\v\\$ ', 'LANG': 'C.UTF-8'}shell=Falselogger=<mockbuild.trace_decorator.getLog object at 0x3ffb764f170>timeout=201600uid=1000gid=425user='mockbuild'nspawn_args=['--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.kaiyx63a:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11']unshare_net=TrueprintOutput=False)
Using nspawn with args ['--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.kaiyx63a:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11']
Executing command: ['/usr/bin/systemd-nspawn', '-q', '-M', '00b2bfe7e5984f4691cd58b86a515d02', '-D', '/var/lib/mock/f41-build-51679045-6184813/root', '-a', '-u', 'mockbuild', '--capability=cap_ipc_lock', '--bind=/tmp/mock-resolv.kaiyx63a:/etc/resolv.conf', '--bind=/dev/btrfs-control', '--bind=/dev/mapper/control', '--bind=/dev/fuse', '--bind=/dev/loop-control', '--bind=/dev/loop0', '--bind=/dev/loop1', '--bind=/dev/loop2', '--bind=/dev/loop3', '--bind=/dev/loop4', '--bind=/dev/loop5', '--bind=/dev/loop6', '--bind=/dev/loop7', '--bind=/dev/loop8', '--bind=/dev/loop9', '--bind=/dev/loop10', '--bind=/dev/loop11', '--console=pipe', '--setenv=TERM=vt100', '--setenv=SHELL=/bin/bash', '--setenv=HOME=/builddir', '--setenv=HOSTNAME=mock', '--setenv=PATH=/usr/bin:/bin:/usr/sbin:/sbin', '--setenv=PROMPT_COMMAND=printf "\\033]0;<mock-chroot>\\007"', '--setenv=PS1=<mock-chroot> \\s-\\v\\$ ', '--setenv=LANG=C.UTF-8', '--resolv-conf=off', 'bash', '--login', '-c', '/usr/bin/rpmbuild -bb --noclean --target noarch --nodeps /builddir/build/SPECS/crypto-policies.spec'] with env {'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOME': '/builddir', 'HOSTNAME': 'mock', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin', 'PROMPT_COMMAND': 'printf "\\033]0;<mock-chroot>\\007"', 'PS1': '<mock-chroot> \\s-\\v\\$ ', 'LANG': 'C.UTF-8', 'SYSTEMD_NSPAWN_TMPFS_TMP': '0', 'SYSTEMD_SECCOMP': '0'} and shell False
Building target platforms: noarch
Building for target noarch
setting SOURCE_DATE_EPOCH=1716249600
Executing(%mkbuilddir): /bin/sh -e /var/tmp/rpm-tmp.4OqPvs
+ umask 022
+ cd /builddir/build/BUILD/crypto-policies-20240521-build
+ test -d /builddir/build/BUILD/crypto-policies-20240521-build
+ /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w /builddir/build/BUILD/crypto-policies-20240521-build
+ /usr/bin/rm -rf /builddir/build/BUILD/crypto-policies-20240521-build
+ /usr/bin/mkdir -p /builddir/build/BUILD/crypto-policies-20240521-build
+ /usr/bin/mkdir -p /builddir/build/BUILD/crypto-policies-20240521-build/SPECPARTS
+ RPM_EC=0
++ jobs -p
+ exit 0
Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.EKZyIJ
+ umask 022
+ cd /builddir/build/BUILD/crypto-policies-20240521-build
+ cd /builddir/build/BUILD/crypto-policies-20240521-build
+ rm -rf fedora-crypto-policies-f71d135-f71d135074d5c2c1b03002d327c7eee9a2a2cb42
+ /usr/lib/rpm/rpmuncompress -x /builddir/build/SOURCES/crypto-policies-gitf71d135.tar.gz
+ STATUS=0
+ '[' 0 -ne 0 ']'
+ cd fedora-crypto-policies-f71d135-f71d135074d5c2c1b03002d327c7eee9a2a2cb42
+ /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w .
+ RPM_EC=0
++ jobs -p
+ exit 0
Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.GcOkt5
+ umask 022
+ cd /builddir/build/BUILD/crypto-policies-20240521-build
+ CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=z13 -mtune=z14 -fasynchronous-unwind-tables -fstack-clash-protection '
+ export CFLAGS
+ CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=z13 -mtune=z14 -fasynchronous-unwind-tables -fstack-clash-protection '
+ export CXXFLAGS
+ FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=z13 -mtune=z14 -fasynchronous-unwind-tables -fstack-clash-protection -I/usr/lib/gfortran/modules '
+ export FFLAGS
+ FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=z13 -mtune=z14 -fasynchronous-unwind-tables -fstack-clash-protection -I/usr/lib/gfortran/modules '
+ export FCFLAGS
+ VALAFLAGS=-g
+ export VALAFLAGS
+ RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn'
+ export RUSTFLAGS
+ LDFLAGS='-Wl,-z,relro -Wl,--as-needed   -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -Wl,--build-id=sha1  '
+ export LDFLAGS
+ LT_SYS_LIBRARY_PATH=/usr/lib:
+ export LT_SYS_LIBRARY_PATH
+ CC=gcc
+ export CC
+ CXX=g++
+ export CXX
+ cd fedora-crypto-policies-f71d135-f71d135074d5c2c1b03002d327c7eee9a2a2cb42
+ /usr/bin/make -O -j3 V=1 VERBOSE=1
asciidoc -v -d manpage -b docbook fips-finish-install.8.txt
xsltproc --nonet -o fips-finish-install.8 /usr/lib/python3.13/site-packages/asciidoc/resources/docbook-xsl/manpage.xsl fips-finish-install.8.xml
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/asciidoc.conf
asciidoc: reading: /builddir/build/BUILD/crypto-policies-20240521-build/fedora-crypto-policies-f71d135-f71d135074d5c2c1b03002d327c7eee9a2a2cb42/fips-finish-install.8.txt
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/docbook45.conf
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/filters/code/code-filter.conf
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/filters/graphviz/graphviz-filter.conf
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/filters/source/source-highlight-filter.conf
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/lang-en.conf
asciidoc: writing: /builddir/build/BUILD/crypto-policies-20240521-build/fedora-crypto-policies-f71d135-f71d135074d5c2c1b03002d327c7eee9a2a2cb42/fips-finish-install.8.xml
module error : failed to open /usr/lib64/libxslt-plugins/freshmeat_net_projects_freshmeat_submit.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/exslt_org_dates_and_times.so
module error : failed to open /usr/lib64/libxslt-plugins/exslt_org_common.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/exslt_org_common.so
module error : failed to open /usr/lib64/libxslt-plugins/xml_apache_org_xslt.so
module error : failed to open /usr/lib64/libxslt-plugins/xml_apache_org_xslt.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xslt_ext_com_nwalsh_saxon_TextFactory.so
module error : failed to open /usr/lib64/libxslt-plugins/com_nwalsh_xalan_Text.so
module error : failed to open /usr/lib64/libxslt-plugins/xml_apache_org_xslt.so
module error : failed to open /usr/lib64/libxslt-plugins/xml_apache_org_xslt.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/xml_apache_org_xslt.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/xml_apache_org_xalan_redirect.so
module error : failed to open /usr/lib64/libxslt-plugins/xml_apache_org_xslt.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
Note: Writing fips-finish-install.8
asciidoc -v -d manpage -b docbook update-crypto-policies.8.txt
xsltproc --nonet -o update-crypto-policies.8 /usr/lib/python3.13/site-packages/asciidoc/resources/docbook-xsl/manpage.xsl update-crypto-policies.8.xml
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/asciidoc.conf
asciidoc: reading: /builddir/build/BUILD/crypto-policies-20240521-build/fedora-crypto-policies-f71d135-f71d135074d5c2c1b03002d327c7eee9a2a2cb42/update-crypto-policies.8.txt
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/docbook45.conf
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/filters/code/code-filter.conf
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/filters/graphviz/graphviz-filter.conf
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/filters/source/source-highlight-filter.conf
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/lang-en.conf
asciidoc: writing: /builddir/build/BUILD/crypto-policies-20240521-build/fedora-crypto-policies-f71d135-f71d135074d5c2c1b03002d327c7eee9a2a2cb42/update-crypto-policies.8.xml
module error : failed to open /usr/lib64/libxslt-plugins/freshmeat_net_projects_freshmeat_submit.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/exslt_org_dates_and_times.so
module error : failed to open /usr/lib64/libxslt-plugins/exslt_org_common.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/exslt_org_common.so
module error : failed to open /usr/lib64/libxslt-plugins/xml_apache_org_xslt.so
module error : failed to open /usr/lib64/libxslt-plugins/xml_apache_org_xslt.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xslt_ext_com_nwalsh_saxon_TextFactory.so
module error : failed to open /usr/lib64/libxslt-plugins/com_nwalsh_xalan_Text.so
module error : failed to open /usr/lib64/libxslt-plugins/xml_apache_org_xslt.so
module error : failed to open /usr/lib64/libxslt-plugins/xml_apache_org_xslt.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/xml_apache_org_xslt.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/xml_apache_org_xalan_redirect.so
module error : failed to open /usr/lib64/libxslt-plugins/xml_apache_org_xslt.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
Note: Writing update-crypto-policies.8
asciidoc -v -d manpage -b docbook crypto-policies.7.txt
xsltproc --nonet -o crypto-policies.7 /usr/lib/python3.13/site-packages/asciidoc/resources/docbook-xsl/manpage.xsl crypto-policies.7.xml
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/asciidoc.conf
asciidoc: reading: /builddir/build/BUILD/crypto-policies-20240521-build/fedora-crypto-policies-f71d135-f71d135074d5c2c1b03002d327c7eee9a2a2cb42/crypto-policies.7.txt
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/docbook45.conf
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/filters/code/code-filter.conf
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/filters/graphviz/graphviz-filter.conf
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/filters/source/source-highlight-filter.conf
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/lang-en.conf
asciidoc: writing: /builddir/build/BUILD/crypto-policies-20240521-build/fedora-crypto-policies-f71d135-f71d135074d5c2c1b03002d327c7eee9a2a2cb42/crypto-policies.7.xml
module error : failed to open /usr/lib64/libxslt-plugins/freshmeat_net_projects_freshmeat_submit.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/exslt_org_dates_and_times.so
module error : failed to open /usr/lib64/libxslt-plugins/exslt_org_common.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/exslt_org_common.so
module error : failed to open /usr/lib64/libxslt-plugins/xml_apache_org_xslt.so
module error : failed to open /usr/lib64/libxslt-plugins/xml_apache_org_xslt.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xslt_ext_com_nwalsh_saxon_TextFactory.so
module error : failed to open /usr/lib64/libxslt-plugins/com_nwalsh_xalan_Text.so
module error : failed to open /usr/lib64/libxslt-plugins/xml_apache_org_xslt.so
module error : failed to open /usr/lib64/libxslt-plugins/xml_apache_org_xslt.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/xml_apache_org_xslt.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/xml_apache_org_xalan_redirect.so
module error : failed to open /usr/lib64/libxslt-plugins/xml_apache_org_xslt.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
Note: Writing crypto-policies.7
asciidoc -v -d manpage -b docbook fips-mode-setup.8.txt
xsltproc --nonet -o fips-mode-setup.8 /usr/lib/python3.13/site-packages/asciidoc/resources/docbook-xsl/manpage.xsl fips-mode-setup.8.xml
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/asciidoc.conf
asciidoc: reading: /builddir/build/BUILD/crypto-policies-20240521-build/fedora-crypto-policies-f71d135-f71d135074d5c2c1b03002d327c7eee9a2a2cb42/fips-mode-setup.8.txt
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/docbook45.conf
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/filters/code/code-filter.conf
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/filters/graphviz/graphviz-filter.conf
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/filters/source/source-highlight-filter.conf
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/lang-en.conf
asciidoc: writing: /builddir/build/BUILD/crypto-policies-20240521-build/fedora-crypto-policies-f71d135-f71d135074d5c2c1b03002d327c7eee9a2a2cb42/fips-mode-setup.8.xml
module error : failed to open /usr/lib64/libxslt-plugins/freshmeat_net_projects_freshmeat_submit.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/exslt_org_dates_and_times.so
module error : failed to open /usr/lib64/libxslt-plugins/exslt_org_common.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/exslt_org_common.so
module error : failed to open /usr/lib64/libxslt-plugins/xml_apache_org_xslt.so
module error : failed to open /usr/lib64/libxslt-plugins/xml_apache_org_xslt.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xslt_ext_com_nwalsh_saxon_TextFactory.so
module error : failed to open /usr/lib64/libxslt-plugins/com_nwalsh_xalan_Text.so
module error : failed to open /usr/lib64/libxslt-plugins/xml_apache_org_xslt.so
module error : failed to open /usr/lib64/libxslt-plugins/xml_apache_org_xslt.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/xml_apache_org_xslt.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/xml_apache_org_xalan_redirect.so
module error : failed to open /usr/lib64/libxslt-plugins/xml_apache_org_xslt.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
module error : failed to open /usr/lib64/libxslt-plugins/nwalsh_com_xsl_documentation_1_0.so
Note: Writing fips-mode-setup.8
mkdir -p output
python/build-crypto-policies.py --reloadcmds policies output
Saving config for bind for policy BSI
Saving config for gnutls for policy BSI
Saving config for java for policy BSI
Saving config for javasystem for policy BSI
Saving config for krb5 for policy BSI
Saving config for libreswan for policy BSI
Saving config for libssh for policy BSI
Saving config for nss for policy BSI
Saving config for openssh for policy BSI
Saving config for opensshserver for policy BSI
Saving config for opensslcnf for policy BSI
Saving config for openssl_fips for policy BSI
Saving config for openssl for policy BSI
Saving config for rpm-sequoia for policy BSI
Saving config for sequoia for policy BSI
Saving config for bind for policy DEFAULT
Saving config for gnutls for policy DEFAULT
Saving config for java for policy DEFAULT
Saving config for javasystem for policy DEFAULT
Saving config for krb5 for policy DEFAULT
Saving config for libreswan for policy DEFAULT
Saving config for libssh for policy DEFAULT
Saving config for nss for policy DEFAULT
Saving config for openssh for policy DEFAULT
Saving config for opensshserver for policy DEFAULT
Saving config for opensslcnf for policy DEFAULT
Saving config for openssl_fips for policy DEFAULT
Saving config for openssl for policy DEFAULT
Saving config for rpm-sequoia for policy DEFAULT
Saving config for sequoia for policy DEFAULT
Saving config for bind for policy EMPTY
Saving config for gnutls for policy EMPTY
Saving config for java for policy EMPTY
Saving config for javasystem for policy EMPTY
Saving config for krb5 for policy EMPTY
Saving config for libreswan for policy EMPTY
Saving config for libssh for policy EMPTY
Saving config for nss for policy EMPTY
Saving config for openssh for policy EMPTY
Saving config for opensshserver for policy EMPTY
Saving config for opensslcnf for policy EMPTY
Saving config for openssl_fips for policy EMPTY
Saving config for openssl for policy EMPTY
Saving config for rpm-sequoia for policy EMPTY
Saving config for sequoia for policy EMPTY
Saving config for bind for policy FIPS
Saving config for gnutls for policy FIPS
Saving config for java for policy FIPS
Saving config for javasystem for policy FIPS
Saving config for krb5 for policy FIPS
Saving config for libreswan for policy FIPS
Saving config for libssh for policy FIPS
Saving config for nss for policy FIPS
Saving config for openssh for policy FIPS
Saving config for opensshserver for policy FIPS
Saving config for opensslcnf for policy FIPS
Saving config for openssl_fips for policy FIPS
Saving config for openssl for policy FIPS
Saving config for rpm-sequoia for policy FIPS
Saving config for sequoia for policy FIPS
Saving config for bind for policy FUTURE
Saving config for gnutls for policy FUTURE
Saving config for java for policy FUTURE
Saving config for javasystem for policy FUTURE
Saving config for krb5 for policy FUTURE
Saving config for libreswan for policy FUTURE
Saving config for libssh for policy FUTURE
Saving config for nss for policy FUTURE
Saving config for openssh for policy FUTURE
Saving config for opensshserver for policy FUTURE
Saving config for opensslcnf for policy FUTURE
Saving config for openssl_fips for policy FUTURE
Saving config for openssl for policy FUTURE
Saving config for rpm-sequoia for policy FUTURE
Saving config for sequoia for policy FUTURE
Saving config for bind for policy GOST-ONLY
Saving config for gnutls for policy GOST-ONLY
Saving config for java for policy GOST-ONLY
Saving config for javasystem for policy GOST-ONLY
Saving config for krb5 for policy GOST-ONLY
Saving config for libreswan for policy GOST-ONLY
Saving config for libssh for policy GOST-ONLY
Saving config for nss for policy GOST-ONLY
Saving config for openssh for policy GOST-ONLY
Saving config for opensshserver for policy GOST-ONLY
Saving config for opensslcnf for policy GOST-ONLY
Saving config for openssl_fips for policy GOST-ONLY
Saving config for openssl for policy GOST-ONLY
Saving config for rpm-sequoia for policy GOST-ONLY
Saving config for sequoia for policy GOST-ONLY
Saving config for bind for policy LEGACY
Saving config for gnutls for policy LEGACY
Saving config for java for policy LEGACY
Saving config for javasystem for policy LEGACY
Saving config for krb5 for policy LEGACY
Saving config for libreswan for policy LEGACY
Saving config for libssh for policy LEGACY
Saving config for nss for policy LEGACY
Saving config for openssh for policy LEGACY
Saving config for opensshserver for policy LEGACY
Saving config for opensslcnf for policy LEGACY
Saving config for openssl_fips for policy LEGACY
Saving config for openssl for policy LEGACY
Saving config for rpm-sequoia for policy LEGACY
Saving config for sequoia for policy LEGACY
Saving config for bind for policy TEST-FEDORA41
Saving config for gnutls for policy TEST-FEDORA41
Saving config for java for policy TEST-FEDORA41
Saving config for javasystem for policy TEST-FEDORA41
Saving config for krb5 for policy TEST-FEDORA41
Saving config for libreswan for policy TEST-FEDORA41
Saving config for libssh for policy TEST-FEDORA41
Saving config for nss for policy TEST-FEDORA41
Saving config for openssh for policy TEST-FEDORA41
Saving config for opensshserver for policy TEST-FEDORA41
Saving config for opensslcnf for policy TEST-FEDORA41
Saving config for openssl_fips for policy TEST-FEDORA41
Saving config for openssl for policy TEST-FEDORA41
Saving config for rpm-sequoia for policy TEST-FEDORA41
Saving config for sequoia for policy TEST-FEDORA41
gnutls[2]: Enabled GnuTLS 3.8.5 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpr_432qjt mtime 1718768258
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 13
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 7
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 10
NSS-POLICY-INFO: NUMBER-OF-ECC: 4
NSS-POLICY-INFO: NUMBER-OF-HASH: 3
NSS-POLICY-INFO: NUMBER-OF-MAC: 3
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 4
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 12
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
gnutls[2]: Enabled GnuTLS 3.8.5 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmp4ha039py mtime 1718768258
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 16
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 12
NSS-POLICY-INFO: NUMBER-OF-ECC: 5
NSS-POLICY-INFO: NUMBER-OF-HASH: 4
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
gnutls[2]: Enabled GnuTLS 3.8.5 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpom7did1o mtime 1718768258
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 14
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 8
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 11
NSS-POLICY-INFO: NUMBER-OF-ECC: 4
NSS-POLICY-INFO: NUMBER-OF-HASH: 4
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 4
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 18
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
gnutls[2]: Enabled GnuTLS 3.8.5 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmp97t9ab3u mtime 1718768258
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 14
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 5
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 11
NSS-POLICY-INFO: NUMBER-OF-ECC: 5
NSS-POLICY-INFO: NUMBER-OF-HASH: 3
NSS-POLICY-INFO: NUMBER-OF-MAC: 3
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 2
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 8
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
gnutls[2]: Enabled GnuTLS 3.8.5 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: marking hash SHAKE-128 as secure
gnutls[2]: cfg: marking hash SHA1 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature DSA-SHA256 as secure
gnutls[2]: cfg: marking signature DSA-SHA384 as secure
gnutls[2]: cfg: marking signature DSA-SHA512 as secure
gnutls[2]: cfg: marking signature DSA-SHA224 as secure
gnutls[2]: cfg: marking signature DSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature DSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature DSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure
gnutls[2]: cfg: marking signature RSA-SHA1 as secure
gnutls[2]: cfg: marking signature DSA-SHA1 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA1 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA1 as secure for certs
gnutls[2]: cfg: marking signature rsa-sha1 as secure for certs
gnutls[2]: cfg: marking signature dsa-sha1 as secure for certs
gnutls[2]: cfg: marking signature ecdsa-sha1 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling cipher 3DES-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-DSS for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version TLS1.1
gnutls[2]: cfg: enabling version TLS1.0
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: enabling version DTLS1.0
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmp8piooshl mtime 1718768258
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA1 is enabled for SSL-KX
NSS-POLICY-INFO: SHA1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: DES-EDE3-CBC is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-DSS is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: DSA is enabled for SSL-KX
NSS-POLICY-INFO: DSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 19
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 10
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 14
NSS-POLICY-INFO: NUMBER-OF-ECC: 5
NSS-POLICY-INFO: NUMBER-OF-HASH: 5
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 6
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 5
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_3DES_EDE_CBC_SHA is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 33
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
gnutls[2]: Enabled GnuTLS 3.8.5 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmp2ih1gumv mtime 1718768258
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 16
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 12
NSS-POLICY-INFO: NUMBER-OF-ECC: 5
NSS-POLICY-INFO: NUMBER-OF-HASH: 4
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
+ RPM_EC=0
++ jobs -p
+ exit 0
Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.d06GaH
mkdir -p /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/man
mkdir -p /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/man/man7
mkdir -p /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/man/man8
mkdir -p /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/bin
install -p -m 644 crypto-policies.7 /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/man/man7
+ umask 022
+ cd /builddir/build/BUILD/crypto-policies-20240521-build
+ '[' /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT '!=' / ']'
+ rm -rf /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT
++ dirname /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT
+ mkdir -p /builddir/build/BUILD/crypto-policies-20240521-build
+ mkdir /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT
+ CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=z13 -mtune=z14 -fasynchronous-unwind-tables -fstack-clash-protection '
+ export CFLAGS
+ CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=z13 -mtune=z14 -fasynchronous-unwind-tables -fstack-clash-protection '
+ export CXXFLAGS
+ FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=z13 -mtune=z14 -fasynchronous-unwind-tables -fstack-clash-protection -I/usr/lib/gfortran/modules '
+ export FFLAGS
+ FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=z13 -mtune=z14 -fasynchronous-unwind-tables -fstack-clash-protection -I/usr/lib/gfortran/modules '
+ export FCFLAGS
+ VALAFLAGS=-g
+ export VALAFLAGS
+ RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn'
+ export RUSTFLAGS
+ LDFLAGS='-Wl,-z,relro -Wl,--as-needed   -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -Wl,--build-id=sha1  '
+ export LDFLAGS
+ LT_SYS_LIBRARY_PATH=/usr/lib:
+ export LT_SYS_LIBRARY_PATH
+ CC=gcc
+ export CC
+ CXX=g++
+ export CXX
+ cd fedora-crypto-policies-f71d135-f71d135074d5c2c1b03002d327c7eee9a2a2cb42
+ mkdir -p -m 755 /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/
+ mkdir -p -m 755 /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/
+ mkdir -p -m 755 /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/etc/crypto-policies/back-ends/
+ mkdir -p -m 755 /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/etc/crypto-policies/state/
+ mkdir -p -m 755 /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/etc/crypto-policies/local.d/
+ mkdir -p -m 755 /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/etc/crypto-policies/policies/
+ mkdir -p -m 755 /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/etc/crypto-policies/policies/modules/
+ mkdir -p -m 755 /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/bin
+ make DESTDIR=/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT DIR=/usr/share/crypto-policies MANDIR=/usr/share/man -j3 install
install -p -m 644 update-crypto-policies.8 fips-finish-install.8 fips-mode-setup.8 /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/man/man8
install -p -m 755 update-crypto-policies fips-finish-install fips-mode-setup /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/bin
mkdir -p /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/
install -p -m 644 default-config /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies
install -p -m 644 output/reload-cmds.sh /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies
for f in $(find output -name '*.txt') ; do d=$(dirname $f | cut -f 2- -d '/')  ; install -p -m 644 -D -t /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d $f ; done
for f in $(find policies -name '*.p*') ; do d=$(dirname $f)  ; install -p -m 644 -D -t /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d $f ; done
for f in $(find python -name '*.py') ; do d=$(dirname $f) ; install -p -m 644 -D -t /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d $f ; done
chmod 755 /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/update-crypto-policies.py
chmod 755 /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/build-crypto-policies.py
+ install -p -m 644 default-config /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/etc/crypto-policies/config
+ touch /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/etc/crypto-policies/state/current
+ touch /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/etc/crypto-policies/state/CURRENT.pol
+ rm -rf /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/GOST-ONLY
+ rm -rf /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/BSI
+ rm -rf /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/TEST-FEDORA41
+ for d in LEGACY DEFAULT FUTURE FIPS
+ mkdir -p -m 755 /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/LEGACY/bind.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/LEGACY/bind.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/bind.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/LEGACY/gnutls.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/LEGACY/gnutls.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/gnutls.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/LEGACY/java.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/LEGACY/java.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/java.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/LEGACY/javasystem.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/LEGACY/javasystem.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/javasystem.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/LEGACY/krb5.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/LEGACY/krb5.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/krb5.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/LEGACY/libreswan.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/LEGACY/libreswan.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/libreswan.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/LEGACY/libssh.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/LEGACY/libssh.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/libssh.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/LEGACY/nss.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/LEGACY/nss.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/nss.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/LEGACY/openssh.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/LEGACY/openssh.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/openssh.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/LEGACY/opensshserver.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/LEGACY/opensshserver.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/opensshserver.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/LEGACY/openssl.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/LEGACY/openssl.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/openssl.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/LEGACY/openssl_fips.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/LEGACY/openssl_fips.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/openssl_fips.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/LEGACY/opensslcnf.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/LEGACY/opensslcnf.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/opensslcnf.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/LEGACY/rpm-sequoia.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/LEGACY/rpm-sequoia.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/rpm-sequoia.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/LEGACY/sequoia.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/LEGACY/sequoia.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/sequoia.config
+ for d in LEGACY DEFAULT FUTURE FIPS
+ mkdir -p -m 755 /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/bind.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/bind.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/bind.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/gnutls.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/gnutls.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/gnutls.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/java.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/java.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/java.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/javasystem.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/javasystem.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/javasystem.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/krb5.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/krb5.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/krb5.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/libreswan.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/libreswan.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/libreswan.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/libssh.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/libssh.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/libssh.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/nss.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/nss.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/nss.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/openssh.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/openssh.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/openssh.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/opensshserver.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/opensshserver.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/opensshserver.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/openssl.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/openssl.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/openssl.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/openssl_fips.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/openssl_fips.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/openssl_fips.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/opensslcnf.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/opensslcnf.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/opensslcnf.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/rpm-sequoia.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/rpm-sequoia.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/rpm-sequoia.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/sequoia.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/sequoia.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/sequoia.config
+ for d in LEGACY DEFAULT FUTURE FIPS
+ mkdir -p -m 755 /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FUTURE/bind.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FUTURE/bind.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/bind.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FUTURE/gnutls.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FUTURE/gnutls.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/gnutls.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FUTURE/java.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FUTURE/java.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/java.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FUTURE/javasystem.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FUTURE/javasystem.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/javasystem.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FUTURE/krb5.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FUTURE/krb5.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/krb5.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FUTURE/libreswan.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FUTURE/libreswan.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/libreswan.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FUTURE/libssh.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FUTURE/libssh.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/libssh.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FUTURE/nss.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FUTURE/nss.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/nss.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FUTURE/openssh.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FUTURE/openssh.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/openssh.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FUTURE/opensshserver.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FUTURE/opensshserver.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/opensshserver.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FUTURE/openssl.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FUTURE/openssl.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/openssl.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FUTURE/openssl_fips.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FUTURE/openssl_fips.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/openssl_fips.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FUTURE/opensslcnf.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FUTURE/opensslcnf.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/opensslcnf.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FUTURE/rpm-sequoia.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FUTURE/rpm-sequoia.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/rpm-sequoia.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FUTURE/sequoia.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FUTURE/sequoia.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/sequoia.config
+ for d in LEGACY DEFAULT FUTURE FIPS
+ mkdir -p -m 755 /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FIPS/bind.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FIPS/bind.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/bind.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FIPS/gnutls.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FIPS/gnutls.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/gnutls.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FIPS/java.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FIPS/java.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/java.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FIPS/javasystem.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FIPS/javasystem.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/javasystem.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FIPS/krb5.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FIPS/krb5.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/krb5.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FIPS/libreswan.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FIPS/libreswan.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/libreswan.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FIPS/libssh.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FIPS/libssh.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/libssh.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FIPS/nss.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FIPS/nss.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/nss.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FIPS/openssh.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FIPS/openssh.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/openssh.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FIPS/opensshserver.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FIPS/opensshserver.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/opensshserver.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FIPS/openssl.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FIPS/openssl.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/openssl.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FIPS/openssl_fips.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FIPS/openssl_fips.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/openssl_fips.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FIPS/opensslcnf.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FIPS/opensslcnf.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/opensslcnf.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FIPS/rpm-sequoia.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FIPS/rpm-sequoia.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/rpm-sequoia.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FIPS/sequoia.txt .txt
+ ln /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/FIPS/sequoia.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/sequoia.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/bind.txt
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/bind.txt .txt
+ ln -sf /usr/share/crypto-policies/DEFAULT/bind.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/etc/crypto-policies/back-ends/bind.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/gnutls.txt
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/gnutls.txt .txt
+ ln -sf /usr/share/crypto-policies/DEFAULT/gnutls.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/etc/crypto-policies/back-ends/gnutls.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/java.txt
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/java.txt .txt
+ ln -sf /usr/share/crypto-policies/DEFAULT/java.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/etc/crypto-policies/back-ends/java.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/javasystem.txt
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/javasystem.txt .txt
+ ln -sf /usr/share/crypto-policies/DEFAULT/javasystem.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/etc/crypto-policies/back-ends/javasystem.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/krb5.txt
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/krb5.txt .txt
+ ln -sf /usr/share/crypto-policies/DEFAULT/krb5.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/etc/crypto-policies/back-ends/krb5.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/libreswan.txt
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/libreswan.txt .txt
+ ln -sf /usr/share/crypto-policies/DEFAULT/libreswan.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/etc/crypto-policies/back-ends/libreswan.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/libssh.txt
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/libssh.txt .txt
+ ln -sf /usr/share/crypto-policies/DEFAULT/libssh.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/etc/crypto-policies/back-ends/libssh.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/nss.txt
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/nss.txt .txt
+ ln -sf /usr/share/crypto-policies/DEFAULT/nss.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/etc/crypto-policies/back-ends/nss.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/openssh.txt
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/openssh.txt .txt
+ ln -sf /usr/share/crypto-policies/DEFAULT/openssh.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/etc/crypto-policies/back-ends/openssh.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/opensshserver.txt
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/opensshserver.txt .txt
+ ln -sf /usr/share/crypto-policies/DEFAULT/opensshserver.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/etc/crypto-policies/back-ends/opensshserver.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/openssl.txt
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/openssl.txt .txt
+ ln -sf /usr/share/crypto-policies/DEFAULT/openssl.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/etc/crypto-policies/back-ends/openssl.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/openssl_fips.txt
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/openssl_fips.txt .txt
+ ln -sf /usr/share/crypto-policies/DEFAULT/openssl_fips.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/etc/crypto-policies/back-ends/openssl_fips.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/opensslcnf.txt
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/opensslcnf.txt .txt
+ ln -sf /usr/share/crypto-policies/DEFAULT/opensslcnf.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/etc/crypto-policies/back-ends/opensslcnf.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/rpm-sequoia.txt
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/rpm-sequoia.txt .txt
+ ln -sf /usr/share/crypto-policies/DEFAULT/rpm-sequoia.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/etc/crypto-policies/back-ends/rpm-sequoia.config
+ for f in /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/*
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/sequoia.txt
++ basename /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/sequoia.txt .txt
+ ln -sf /usr/share/crypto-policies/DEFAULT/sequoia.txt /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/etc/crypto-policies/back-ends/sequoia.config
+ [[ /usr/bin/python3 =~  - ]]
+ clamp_source_mtime /usr/bin/python3 /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python
+ python_binary='env /usr/bin/python3'
+ bytecode_compilation_path=/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python
+ PYTHONPATH=/usr/lib/rpm/redhat
+ env /usr/bin/python3 -s -B -m clamp_source_mtime /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python
Listing '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python'...
Clamping mtime of '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/build-crypto-policies.py'
Listing '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies'...
Clamping mtime of '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/__init__.py'
Clamping mtime of '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/alg_lists.py'
Clamping mtime of '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/cryptopolicies.py'
Listing '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/validation'...
Clamping mtime of '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/validation/__init__.py'
Clamping mtime of '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/validation/alg_lists.py'
Clamping mtime of '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/validation/general.py'
Clamping mtime of '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/validation/rules.py'
Clamping mtime of '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/validation/scope.py'
Listing '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators'...
Clamping mtime of '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/__init__.py'
Clamping mtime of '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/bind.py'
Clamping mtime of '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/configgenerator.py'
Clamping mtime of '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/gnutls.py'
Clamping mtime of '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/java.py'
Clamping mtime of '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/krb5.py'
Clamping mtime of '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/libreswan.py'
Clamping mtime of '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/libssh.py'
Clamping mtime of '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/nss.py'
Clamping mtime of '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/openssh.py'
Clamping mtime of '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/openssl.py'
Clamping mtime of '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/sequoia.py'
Clamping mtime of '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/update-crypto-policies.py'
++ /usr/bin/python3 -c 'import sys; sys.stdout.write('\''{0.major}{0.minor}'\''.format(sys.version_info))'
+ python_version=313
+ '[' 313 -ge 39 ']'
+ py39_byte_compile /usr/bin/python3 /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python
+ python_binary='env PYTHONHASHSEED=0 /usr/bin/python3'
+ bytecode_compilation_path=/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python
+ env PYTHONHASHSEED=0 /usr/bin/python3 -s -B -m compileall -j3 -o 0 -o 1 -s /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT -p / --hardlink-dupes --invalidation-mode=timestamp /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python
Listing '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python'...
Listing '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies'...
Listing '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/validation'...
Listing '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators'...
Compiling '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/gnutls.py'...
Compiling '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/java.py'...
Compiling '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/krb5.py'...
Compiling '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/libreswan.py'...
Compiling '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/validation/__init__.py'...
Compiling '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/validation/alg_lists.py'...
Compiling '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/validation/general.py'...
Compiling '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/validation/rules.py'...
Compiling '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/validation/scope.py'...
Compiling '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/__init__.py'...
Compiling '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/bind.py'...
Compiling '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/configgenerator.py'...
Compiling '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/libssh.py'...
Compiling '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/nss.py'...
Compiling '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/openssh.py'...
Compiling '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/openssl.py'...
Compiling '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/build-crypto-policies.py'...
Compiling '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/__init__.py'...
Compiling '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/alg_lists.py'...
Compiling '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/cryptopolicies.py'...
Compiling '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/sequoia.py'...
Compiling '/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/update-crypto-policies.py'...
+ /usr/lib/rpm/check-buildroot
+ /usr/lib/rpm/redhat/brp-ldconfig
+ /usr/lib/rpm/brp-compress
+ /usr/lib/rpm/brp-strip /usr/bin/strip
+ /usr/lib/rpm/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump
+ /usr/lib/rpm/redhat/brp-strip-lto /usr/bin/strip
+ /usr/lib/rpm/brp-strip-static-archive /usr/bin/strip
+ /usr/lib/rpm/check-rpaths
+ /usr/lib/rpm/redhat/brp-mangle-shebangs
mangling shebang in /usr/bin/fips-finish-install from /bin/bash to #!/usr/bin/bash
mangling shebang in /usr/bin/fips-mode-setup from /bin/bash to #!/usr/bin/bash
+ /usr/lib/rpm/brp-remove-la-files
+ env /usr/lib/rpm/redhat/brp-python-bytecompile '' 1 0 -j3
+ /usr/lib/rpm/redhat/brp-python-hardlink
+ /usr/bin/add-determinism --brp -j3 /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT
/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/validation/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/validation/__pycache__/alg_lists.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/validation/__pycache__/rules.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/validation/__pycache__/general.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/validation/__pycache__/scope.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/__pycache__/alg_lists.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/__pycache__/cryptopolicies.cpython-313.pyc: replacing with normalized version
/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/__pycache__/cryptopolicies.cpython-313.opt-1.pyc: replacing with normalized version
/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/__pycache__/__init__.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/__pycache__/bind.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/__pycache__/configgenerator.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/__pycache__/libssh.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/__pycache__/gnutls.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/__pycache__/nss.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/__pycache__/java.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/__pycache__/krb5.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/__pycache__/openssh.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/__pycache__/sequoia.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/__pycache__/libreswan.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/__pycache__/openssl.cpython-313.pyc: replacing with normalized version
/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/__pycache__/openssl.cpython-313.opt-1.pyc: replacing with normalized version
/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/__pycache__/build-crypto-policies.cpython-313.pyc: rewriting with normalized contents
/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/crypto-policies/python/__pycache__/update-crypto-policies.cpython-313.pyc: rewriting with normalized contents
Processed 24 paths
Executing(%check): /bin/sh -e /var/tmp/rpm-tmp.Ro0wZe
+ umask 022
+ cd /builddir/build/BUILD/crypto-policies-20240521-build
+ CFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=z13 -mtune=z14 -fasynchronous-unwind-tables -fstack-clash-protection '
+ export CFLAGS
+ CXXFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=z13 -mtune=z14 -fasynchronous-unwind-tables -fstack-clash-protection '
+ export CXXFLAGS
+ FFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=z13 -mtune=z14 -fasynchronous-unwind-tables -fstack-clash-protection -I/usr/lib/gfortran/modules '
+ export FFLAGS
+ FCFLAGS='-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64 -march=z13 -mtune=z14 -fasynchronous-unwind-tables -fstack-clash-protection -I/usr/lib/gfortran/modules '
+ export FCFLAGS
+ VALAFLAGS=-g
+ export VALAFLAGS
+ RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none -Cforce-frame-pointers=yes --cap-lints=warn'
+ export RUSTFLAGS
+ LDFLAGS='-Wl,-z,relro -Wl,--as-needed   -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -Wl,--build-id=sha1  '
+ export LDFLAGS
+ LT_SYS_LIBRARY_PATH=/usr/lib:
+ export LT_SYS_LIBRARY_PATH
+ CC=gcc
+ export CC
+ CXX=g++
+ export CXX
+ cd fedora-crypto-policies-f71d135-f71d135074d5c2c1b03002d327c7eee9a2a2cb42
+ make test -j3 SKIP_LINTING=1
python/build-crypto-policies.py --strict --test --flat policies tests/outputs
gnutls[2]: Enabled GnuTLS 3.8.5 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpg735389h mtime 1718768260
gnutls[2]: cfg: deferred setting system-wide priority string
============================= test session starts ==============================
platform linux -- Python 3.13.0b2, pytest-7.4.3, pluggy-1.3.0 -- /usr/bin/python3
cachedir: .pytest_cache
rootdir: /builddir/build/BUILD/crypto-policies-20240521-build/fedora-crypto-policies-f71d135-f71d135074d5c2c1b03002d327c7eee9a2a2cb42
configfile: pytest.ini
collecting ... ============================= test session starts ==============================
platform linux -- Python 3.13.0b2, pytest-7.4.3, pluggy-1.3.0 -- /usr/bin/python3
cachedir: .pytest_cache
rootdir: /builddir/build/BUILD/crypto-policies-20240521-build/fedora-crypto-policies-f71d135-f71d135074d5c2c1b03002d327c7eee9a2a2cb42
configfile: pytest.ini
collecting ... NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 13
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 7
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 10
NSS-POLICY-INFO: NUMBER-OF-ECC: 4
NSS-POLICY-INFO: NUMBER-OF-HASH: 3
NSS-POLICY-INFO: NUMBER-OF-MAC: 3
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 4
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 12
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
collected 12 items
python/cryptopolicies/alg_lists.py::cryptopolicies.alg_lists.earliest_occurrence PASSED [  8%]
python/cryptopolicies/alg_lists.py::cryptopolicies.alg_lists.glob PASSED [ 16%]
python/cryptopolicies/alg_lists.py::cryptopolicies.alg_lists.max_dtls_version PASSED [ 25%]
python/cryptopolicies/alg_lists.py::cryptopolicies.alg_lists.max_tls_version PASSED [ 33%]
python/cryptopolicies/alg_lists.py::cryptopolicies.alg_lists.min_dtls_version PASSED [ 41%]
python/cryptopolicies/alg_lists.py::cryptopolicies.alg_lists.min_tls_version PASSED [ 50%]
python/cryptopolicies/cryptopolicies.py::cryptopolicies.cryptopolicies.ScopeSelector.__init__ PASSED [ 58%]
python/cryptopolicies/cryptopolicies.py::cryptopolicies.cryptopolicies.ScopeSelector.matches PASSED [ 66%]
python/cryptopolicies/cryptopolicies.py::cryptopolicies.cryptopolicies.ScopedPolicy PASSED [ 75%]
python/cryptopolicies/cryptopolicies.py::cryptopolicies.cryptopolicies.parse_line sequoia-policy-config-check returns 0
PASSED [ 83%]
python/cryptopolicies/cryptopolicies.py::cryptopolicies.cryptopolicies.parse_rhs sequoia-policy-config-check returns 0
PASSED [ 91%]
python/cryptopolicies/cryptopolicies.py::cryptopolicies.cryptopolicies.preprocess_text PASSED [100%]
============================== 12 passed in 0.04s ==============================
gnutls[2]: Enabled GnuTLS 3.8.5 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmp0ypkiltp mtime 1718768260
gnutls[2]: cfg: deferred setting system-wide priority string
collected 47 items
tests/unit/test_alg_lists.py::test_glob_alg_sanity PASSED                [  2%]
tests/unit/test_alg_lists.py::test_glob_alg_globbing PASSED              [  4%]
tests/unit/test_alg_lists.py::test_glob_experimental PASSED              [  6%]
tests/unit/test_alg_lists.py::test_glob_alg_algorithm_empty PASSED       [  8%]
tests/unit/test_alg_lists.py::test_glob_alg_algorithm_class_unknown PASSED [ 10%]
tests/unit/test_alg_lists.py::test_min_versions PASSED                   [ 12%]
tests/unit/test_alg_lists.py::test_max_versions PASSED                   [ 14%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_is_empty PASSED       [ 17%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_not_found PASSED      [ 19%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_smoke_broken PASSED   [ 21%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_smoke_basic PASSED    [ 23%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_smoke_subpolicy PASSED [ 25%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_smoke_several_subpolicies PASSED [ 27%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_compat_diamond_new_recommended PASSED [ 29%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_compat_diamond_old_recommended PASSED [ 31%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_compat_diamond_breaking1 PASSED [ 34%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_compat_diamond_breaking2 PASSED [ 36%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_sha1_in_dnssec PASSED [ 38%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_compat_to_enum PASSED [ 40%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_compat_scoped_ssh_etm_to_enum PASSED [ 42%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_prepend_order PASSED  [ 44%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_no_duplicates PASSED  [ 46%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_minver PASSED         [ 48%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_maxver PASSED         [ 51%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_experimental PASSED   [ 53%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_to_string_empty PASSED [ 55%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_to_string_twisted PASSED [ 57%]
tests/unit/test_parse_line.py::test_parse_line PASSED                    [ 59%]
tests/unit/test_parse_line.py::test_parse_bad PASSED                     [ 61%]
tests/unit/test_parse_rhs.py::test_parse_rhs PASSED                      [ 63%]
tests/unit/test_preprocess_text.py::test_preprocess_text_basics PASSED   [ 65%]
tests/unit/test_preprocess_text.py::test_preprocess_text_compat PASSED   [ 68%]
tests/unit/test_preprocess_text.py::test_preprocess_text_compat_problematic PASSED [ 70%]
tests/unit/test_preprocess_text.py::test_preprocess_text_compat_diamond_problem PASSED [ 72%]
tests/unit/test_scope_selector.py::test_scope_selector_any NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 16
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 12
NSS-POLICY-INFO: NUMBER-OF-ECC: 5
NSS-POLICY-INFO: NUMBER-OF-HASH: 4
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
PASSED        [ 74%]
tests/unit/test_scope_selector.py::test_scope_selector_tls PASSED        [ 76%]
tests/unit/test_scope_selector.py::test_scope_selector_nontls PASSED     [ 78%]
tests/unit/test_scope_selector.py::test_scope_selector_posglob PASSED    [ 80%]
tests/unit/test_scope_selector.py::test_scope_selector_negglob PASSED    [ 82%]
tests/unit/test_scope_selector.py::test_scope_selector_posmixed PASSED   [ 85%]
tests/unit/test_scope_selector.py::test_scope_selector_negmixed PASSED   [ 87%]
tests/unit/test_scope_selector.py::test_scope_selector_curly_brackets PASSED [ 89%]
tests/unit/test_scope_selector.py::test_scope_selector_empty PASSED      [ 91%]
tests/unit/test_scope_selector.py::test_scope_selector_illegal_character PASSED [ 93%]
tests/unit/test_scope_selector.py::test_scope_selector_comma PASSED      [ 95%]
tests/unit/test_scope_selector.py::test_scope_selector_unknown PASSED    [ 97%]
tests/unit/test_scope_selector.py::test_scope_selector_nomatch PASSED    [100%]
============================== 47 passed in 0.15s ==============================
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
gnutls[2]: Enabled GnuTLS 3.8.5 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpch57a9pd mtime 1718768260
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 14
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 8
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 11
NSS-POLICY-INFO: NUMBER-OF-ECC: 4
NSS-POLICY-INFO: NUMBER-OF-HASH: 4
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 4
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 18
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
gnutls[2]: Enabled GnuTLS 3.8.5 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpvsn_5stc mtime 1718768260
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 14
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 5
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 11
NSS-POLICY-INFO: NUMBER-OF-ECC: 5
NSS-POLICY-INFO: NUMBER-OF-HASH: 3
NSS-POLICY-INFO: NUMBER-OF-MAC: 3
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 2
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 8
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
gnutls[2]: Enabled GnuTLS 3.8.5 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: marking hash SHAKE-128 as secure
gnutls[2]: cfg: marking hash SHA1 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature DSA-SHA256 as secure
gnutls[2]: cfg: marking signature DSA-SHA384 as secure
gnutls[2]: cfg: marking signature DSA-SHA512 as secure
gnutls[2]: cfg: marking signature DSA-SHA224 as secure
gnutls[2]: cfg: marking signature DSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature DSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature DSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure
gnutls[2]: cfg: marking signature RSA-SHA1 as secure
gnutls[2]: cfg: marking signature DSA-SHA1 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA1 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA1 as secure for certs
gnutls[2]: cfg: marking signature rsa-sha1 as secure for certs
gnutls[2]: cfg: marking signature dsa-sha1 as secure for certs
gnutls[2]: cfg: marking signature ecdsa-sha1 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling cipher 3DES-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-DSS for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version TLS1.1
gnutls[2]: cfg: enabling version TLS1.0
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: enabling version DTLS1.0
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpqlb14_sy mtime 1718768261
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA1 is enabled for SSL-KX
NSS-POLICY-INFO: SHA1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: DES-EDE3-CBC is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-DSS is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: DSA is enabled for SSL-KX
NSS-POLICY-INFO: DSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 19
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 10
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 14
NSS-POLICY-INFO: NUMBER-OF-ECC: 5
NSS-POLICY-INFO: NUMBER-OF-HASH: 5
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 6
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 5
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_3DES_EDE_CBC_SHA is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 33
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
gnutls[2]: Enabled GnuTLS 3.8.5 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpxnuiaaye mtime 1718768261
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 16
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 12
NSS-POLICY-INFO: NUMBER-OF-ECC: 5
NSS-POLICY-INFO: NUMBER-OF-HASH: 4
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
python/build-crypto-policies.py --strict --policy FIPS:OSPP --test --flat policies tests/outputs
gnutls[2]: Enabled GnuTLS 3.8.5 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmp2ba_n5nk mtime 1718768261
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 11
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 5
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 8
NSS-POLICY-INFO: NUMBER-OF-ECC: 2
NSS-POLICY-INFO: NUMBER-OF-HASH: 3
NSS-POLICY-INFO: NUMBER-OF-MAC: 3
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 2
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 5
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
python/build-crypto-policies.py --strict --policy FIPS:ECDHE-ONLY --test --flat policies tests/outputs
gnutls[2]: Enabled GnuTLS 3.8.5 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmphxv8c7gl mtime 1718768261
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 13
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 8
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 11
NSS-POLICY-INFO: NUMBER-OF-ECC: 4
NSS-POLICY-INFO: NUMBER-OF-HASH: 4
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 4
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 2
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 12
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
python/build-crypto-policies.py --strict --policy FIPS:NO-ENFORCE-EMS --test --flat policies tests/outputs
gnutls[2]: Enabled GnuTLS 3.8.5 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpd0inol6b mtime 1718768261
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 14
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 8
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 11
NSS-POLICY-INFO: NUMBER-OF-ECC: 4
NSS-POLICY-INFO: NUMBER-OF-HASH: 4
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 4
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 18
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
python/build-crypto-policies.py --strict --policy DEFAULT:GOST --test --flat policies tests/outputs
gnutls[2]: Enabled GnuTLS 3.8.5 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmp41v9656o mtime 1718768261
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 16
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 12
NSS-POLICY-INFO: NUMBER-OF-ECC: 5
NSS-POLICY-INFO: NUMBER-OF-HASH: 4
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
python/build-crypto-policies.py --strict --policy GOST-ONLY --test --flat policies tests/outputs
python/build-crypto-policies.py --strict --policy LEGACY:AD-SUPPORT --test --flat policies tests/outputs
gnutls[2]: Enabled GnuTLS 3.8.5 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: marking hash SHAKE-128 as secure
gnutls[2]: cfg: marking hash SHA1 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature DSA-SHA256 as secure
gnutls[2]: cfg: marking signature DSA-SHA384 as secure
gnutls[2]: cfg: marking signature DSA-SHA512 as secure
gnutls[2]: cfg: marking signature DSA-SHA224 as secure
gnutls[2]: cfg: marking signature DSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature DSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature DSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure
gnutls[2]: cfg: marking signature RSA-SHA1 as secure
gnutls[2]: cfg: marking signature DSA-SHA1 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA1 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA1 as secure for certs
gnutls[2]: cfg: marking signature rsa-sha1 as secure for certs
gnutls[2]: cfg: marking signature dsa-sha1 as secure for certs
gnutls[2]: cfg: marking signature ecdsa-sha1 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling cipher 3DES-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-DSS for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version TLS1.1
gnutls[2]: cfg: enabling version TLS1.0
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: enabling version DTLS1.0
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmptak15nea mtime 1718768262
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA1 is enabled for SSL-KX
NSS-POLICY-INFO: SHA1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: DES-EDE3-CBC is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-DSS is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: DSA is enabled for SSL-KX
NSS-POLICY-INFO: DSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 19
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 10
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 14
NSS-POLICY-INFO: NUMBER-OF-ECC: 5
NSS-POLICY-INFO: NUMBER-OF-HASH: 5
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 6
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 5
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_3DES_EDE_CBC_SHA is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 33
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
python/build-crypto-policies.py --strict --policy TEST-FEDORA41 --test --flat policies tests/outputs
gnutls[2]: Enabled GnuTLS 3.8.5 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmp7w395rbq mtime 1718768262
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 16
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 12
NSS-POLICY-INFO: NUMBER-OF-ECC: 5
NSS-POLICY-INFO: NUMBER-OF-HASH: 4
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
python/build-crypto-policies.py --policy DEFAULT:TEST-PQ --test --flat policies tests/outputs  # not strict
ExperimentalValueWarning: `group` value `P384-MLKEM1024` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `P521-MLKEM1024` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `MLKEM1024` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `P256-MLKEM768` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `X25519-MLKEM768` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `X448-MLKEM768` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `P384-MLKEM768` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `MLKEM768` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `X25519-MLKEM512` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `P256-MLKEM512` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `MLKEM512` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `P256-KYBER768` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `X25519-KYBER768` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `KYBER768` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `RSA3072-SPHINCSSHAKE128FSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P256-SPHINCSSHAKE128FSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `SPHINCSSHAKE128FSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P384-SPHINCSSHA2192FSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `SPHINCSSHA2192FSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `RSA3072-SPHINCSSHA2128SSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P256-SPHINCSSHA2128SSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `SPHINCSSHA2128SSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `RSA3072-SPHINCSSHA2128FSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P256-SPHINCSSHA2128FSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `SPHINCSSHA2128FSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P521-FALCONPADDED1024` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `FALCONPADDED1024` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P521-FALCON1024` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `FALCON1024` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `RSA3072-FALCONPADDED512` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P256-FALCONPADDED512` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `FALCONPADDED512` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `RSA3072-FALCON512` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P256-FALCON512` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `FALCON512` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA87-ED448` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA87-BP384` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA87-P384` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P521-MLDSA87` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA87` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA65-ED25519` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA65-BP256` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA65-P256` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA65-RSA3072` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA65-PSS3072` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P384-MLDSA65` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA65` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA44-BP256` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA44-P256` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA44-ED25519` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA44-RSA2048` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA44-PSS2048` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `RSA3072-MLDSA44` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P256-MLDSA44` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA44` is experimental and might go away in the future
gnutls[2]: Enabled GnuTLS 3.8.5 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpvzc4xxwk mtime 1718768262
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 16
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 12
NSS-POLICY-INFO: NUMBER-OF-ECC: 5
NSS-POLICY-INFO: NUMBER-OF-HASH: 4
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
tests/openssl.py
Checking the OpenSSL configuration
Checking policy BSI
Checking policy DEFAULT
Checking policy DEFAULT:GOST
Checking policy DEFAULT:TEST-PQ
Checking policy FIPS
Checking policy FIPS:ECDHE-ONLY
Checking policy FIPS:NO-ENFORCE-EMS
Checking policy FIPS:OSPP
Checking policy FUTURE
Checking policy LEGACY
Checking policy LEGACY:AD-SUPPORT
Checking policy TEST-FEDORA41
tests/gnutls.py
Checking the GnuTLS configuration
Checking policy BSI
Checking policy DEFAULT
Checking policy DEFAULT:GOST
Checking policy DEFAULT:TEST-PQ
Checking policy EMPTY
Checking policy FIPS
Checking policy FIPS:ECDHE-ONLY
Checking policy FIPS:NO-ENFORCE-EMS
Checking policy FIPS:OSPP
Checking policy FUTURE
Checking policy LEGACY
Checking policy LEGACY:AD-SUPPORT
Checking policy TEST-FEDORA41
tests/nss.py
Checking the NSS configuration
Checking policy BSI
Checking policy DEFAULT
Checking policy DEFAULT:GOST
Checking policy DEFAULT:TEST-PQ
Checking policy EMPTY
Checking policy FIPS
Checking policy FIPS:ECDHE-ONLY
Checking policy FIPS:NO-ENFORCE-EMS
Checking policy FIPS:OSPP
Checking policy FUTURE
Checking policy GOST-ONLY
Checking policy LEGACY
Checking policy LEGACY:AD-SUPPORT
Checking policy TEST-FEDORA41
tests/java.py
Checking the Java configuration
Checking policy BSI
Checking policy DEFAULT
Checking policy DEFAULT:GOST
Checking policy DEFAULT:TEST-PQ
Checking policy EMPTY
Checking policy FIPS
Checking policy FIPS:ECDHE-ONLY
Checking policy FIPS:NO-ENFORCE-EMS
Checking policy FIPS:OSPP
Checking policy FUTURE
Checking policy GOST-ONLY
Checking policy LEGACY
Checking policy LEGACY:AD-SUPPORT
Checking policy TEST-FEDORA41
tests/krb5.py
Skipping krb5 test; checker not found!
top_srcdir=. tests/update-crypto-policies.sh
Saving config for bind for policy BSI
Saving config for gnutls for policy BSI
Saving config for java for policy BSI
Saving config for javasystem for policy BSI
Saving config for krb5 for policy BSI
Saving config for libreswan for policy BSI
Saving config for libssh for policy BSI
Saving config for nss for policy BSI
Saving config for openssh for policy BSI
Saving config for opensshserver for policy BSI
Saving config for opensslcnf for policy BSI
Saving config for openssl_fips for policy BSI
Saving config for openssl for policy BSI
Saving config for rpm-sequoia for policy BSI
Saving config for sequoia for policy BSI
Saving config for bind for policy DEFAULT
Saving config for gnutls for policy DEFAULT
Saving config for java for policy DEFAULT
Saving config for javasystem for policy DEFAULT
Saving config for krb5 for policy DEFAULT
Saving config for libreswan for policy DEFAULT
Saving config for libssh for policy DEFAULT
Saving config for nss for policy DEFAULT
Saving config for openssh for policy DEFAULT
Saving config for opensshserver for policy DEFAULT
Saving config for opensslcnf for policy DEFAULT
Saving config for openssl_fips for policy DEFAULT
Saving config for openssl for policy DEFAULT
Saving config for rpm-sequoia for policy DEFAULT
Saving config for sequoia for policy DEFAULT
Saving config for bind for policy EMPTY
Saving config for gnutls for policy EMPTY
Saving config for java for policy EMPTY
Saving config for javasystem for policy EMPTY
Saving config for krb5 for policy EMPTY
Saving config for libreswan for policy EMPTY
Saving config for libssh for policy EMPTY
Saving config for nss for policy EMPTY
Saving config for openssh for policy EMPTY
Saving config for opensshserver for policy EMPTY
Saving config for opensslcnf for policy EMPTY
Saving config for openssl_fips for policy EMPTY
Saving config for openssl for policy EMPTY
Saving config for rpm-sequoia for policy EMPTY
Saving config for sequoia for policy EMPTY
Saving config for bind for policy FIPS
Saving config for gnutls for policy FIPS
Saving config for java for policy FIPS
Saving config for javasystem for policy FIPS
Saving config for krb5 for policy FIPS
Saving config for libreswan for policy FIPS
Saving config for libssh for policy FIPS
Saving config for nss for policy FIPS
Saving config for openssh for policy FIPS
Saving config for opensshserver for policy FIPS
Saving config for opensslcnf for policy FIPS
Saving config for openssl_fips for policy FIPS
Saving config for openssl for policy FIPS
Saving config for rpm-sequoia for policy FIPS
Saving config for sequoia for policy FIPS
Saving config for bind for policy FUTURE
Saving config for gnutls for policy FUTURE
Saving config for java for policy FUTURE
Saving config for javasystem for policy FUTURE
Saving config for krb5 for policy FUTURE
Saving config for libreswan for policy FUTURE
Saving config for libssh for policy FUTURE
Saving config for nss for policy FUTURE
Saving config for openssh for policy FUTURE
Saving config for opensshserver for policy FUTURE
Saving config for opensslcnf for policy FUTURE
Saving config for openssl_fips for policy FUTURE
Saving config for openssl for policy FUTURE
Saving config for rpm-sequoia for policy FUTURE
Saving config for sequoia for policy FUTURE
Saving config for bind for policy GOST-ONLY
Saving config for gnutls for policy GOST-ONLY
Saving config for java for policy GOST-ONLY
Saving config for javasystem for policy GOST-ONLY
Saving config for krb5 for policy GOST-ONLY
Saving config for libreswan for policy GOST-ONLY
Saving config for libssh for policy GOST-ONLY
Saving config for nss for policy GOST-ONLY
Saving config for openssh for policy GOST-ONLY
Saving config for opensshserver for policy GOST-ONLY
Saving config for opensslcnf for policy GOST-ONLY
Saving config for openssl_fips for policy GOST-ONLY
Saving config for openssl for policy GOST-ONLY
Saving config for rpm-sequoia for policy GOST-ONLY
Saving config for sequoia for policy GOST-ONLY
Saving config for bind for policy LEGACY
Saving config for gnutls for policy LEGACY
Saving config for java for policy LEGACY
Saving config for javasystem for policy LEGACY
Saving config for krb5 for policy LEGACY
Saving config for libreswan for policy LEGACY
Saving config for libssh for policy LEGACY
Saving config for nss for policy LEGACY
Saving config for openssh for policy LEGACY
Saving config for opensshserver for policy LEGACY
Saving config for opensslcnf for policy LEGACY
Saving config for openssl_fips for policy LEGACY
Saving config for openssl for policy LEGACY
Saving config for rpm-sequoia for policy LEGACY
Saving config for sequoia for policy LEGACY
Saving config for bind for policy TEST-FEDORA41
Saving config for gnutls for policy TEST-FEDORA41
Saving config for java for policy TEST-FEDORA41
Saving config for javasystem for policy TEST-FEDORA41
Saving config for krb5 for policy TEST-FEDORA41
Saving config for libreswan for policy TEST-FEDORA41
Saving config for libssh for policy TEST-FEDORA41
Saving config for nss for policy TEST-FEDORA41
Saving config for openssh for policy TEST-FEDORA41
Saving config for opensshserver for policy TEST-FEDORA41
Saving config for opensslcnf for policy TEST-FEDORA41
Saving config for openssl_fips for policy TEST-FEDORA41
Saving config for openssl for policy TEST-FEDORA41
Saving config for rpm-sequoia for policy TEST-FEDORA41
Saving config for sequoia for policy TEST-FEDORA41
tests/update-crypto-policies.sh: checking if default profile is properly selected
Setting system policy to DEFAULT
Note: System-wide crypto policies are applied on application start-up.
It is recommended to restart the system for the change of policies
to fully take place.
tests/update-crypto-policies.sh: checking if current policy dump is equal to the original default profile
PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement
Setting system policy to CURRENT
Note: System-wide crypto policies are applied on application start-up.
It is recommended to restart the system for the change of policies
to fully take place.
tests/update-crypto-policies.sh: checking if switching to other profile works
Setting system policy to LEGACY
Note: System-wide crypto policies are applied on application start-up.
It is recommended to restart the system for the change of policies
to fully take place.
tests/update-crypto-policies.sh: checking if local.d works
Setting system policy to DEFAULT
Note: System-wide crypto policies are applied on application start-up.
It is recommended to restart the system for the change of policies
to fully take place.
tests/update-crypto-policies.sh: checking if --check works (test 1)
The configured policy matches the generated policy
The configured policy does NOT match the generated policy
--check works as expected
tests/update-crypto-policies.sh: checking if --check works (test 2)
Setting system policy to DEFAULT
Note: System-wide crypto policies are applied on application start-up.
It is recommended to restart the system for the change of policies
to fully take place.
The configured policy matches the generated policy
The configured policy does NOT match the generated policy
--check works as expected
cp -r tests/outputs output/alt
python/build-crypto-policies.py --test --flat tests/alternative-policies output/alt
PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 1 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-256 HMAC-SHA1 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512 and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and mac@krb5 = -HMAC-SHA1 and mac@krb5 = HMAC-SHA1+ and group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 and hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA*-224 SHAKE-256 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 ECDSA-SHA3-224 RSA-PSS-SHA3-224 RSA-SHA3-224 and cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 CAMELLIA-256-GCM AES-256-CTR AES-256-CBC CAMELLIA-256-CBC AES-128-GCM AES-128-CCM CAMELLIA-128-GCM AES-128-CTR AES-128-CBC CAMELLIA-128-CBC and cipher@*sequoia = AES-*-CFB CAMELLIA-*-CFB and cipher@{rpm-sequoia,sequoia} = -*-192-CFB and key_exchange = ECDHE RSA DHE DHE-RSA PSK DHE-PSK ECDHE-PSK RSA-PSK ECDHE-GSS DHE-GSS and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 2048 and min_dsa_size = 2048 and min_rsa_size = 2048 and sha1_in_certs = 0 and hash@DNSSec = SHA1+ and sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+ and arbitrary_dh_groups = 1 and ssh_certs = 1 and ssh_etm = 1 and sign@rpm-sequoia = DSA-SHA1+ and hash@rpm-sequoia = SHA1+ and min_dsa_size@rpm-sequoia = 1024 and cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CBC and cipher@SSH = AES-256-GCM CHACHA20-POLY1305 AES-256-CTR AES-128-GCM AES-128-CTR and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-256 HMAC-SHA1 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512 and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and mac@krb5 = -HMAC-SHA1 and mac@krb5 = HMAC-SHA1+ and group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 and hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA*-224 SHAKE-256 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 ECDSA-SHA3-224 RSA-PSS-SHA3-224 RSA-SHA3-224 and cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 CAMELLIA-256-GCM AES-256-CTR AES-256-CBC CAMELLIA-256-CBC AES-128-GCM AES-128-CCM CAMELLIA-128-GCM AES-128-CTR AES-128-CBC CAMELLIA-128-CBC and cipher@*sequoia = AES-*-CFB CAMELLIA-*-CFB and cipher@{rpm-sequoia,sequoia} = -*-192-CFB and key_exchange = ECDHE RSA DHE DHE-RSA PSK DHE-PSK ECDHE-PSK RSA-PSK ECDHE-GSS DHE-GSS and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 2048 and min_dsa_size = 2048 and min_rsa_size = 2048 and sha1_in_certs = 0 and hash@DNSSec = SHA1+ and sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+ and arbitrary_dh_groups = 1 and ssh_certs = 1 and etm@SSH = ANY and sign@rpm-sequoia = DSA-SHA1+ and hash@rpm-sequoia = SHA1+ and min_dsa_size@rpm-sequoia = 1024 and cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CBC and cipher@SSH = AES-256-GCM CHACHA20-POLY1305 AES-256-CTR AES-128-GCM AES-128-CTR and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement
gnutls[2]: Enabled GnuTLS 3.8.5 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmp4lvykflw mtime 1718768269
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 16
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 12
NSS-POLICY-INFO: NUMBER-OF-ECC: 5
NSS-POLICY-INFO: NUMBER-OF-HASH: 4
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_group is deprecated, please rewrite your rules using group@SSH; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 0 is deprecated, please rewrite your rules using mac = and group = and hash = and sign = and cipher = and key_exchange = and protocol = and min_tls_version = 0 and min_dtls_version = 0 and min_dh_size = 0 and min_dsa_size = 0 and min_rsa_size = 0 and sha1_in_certs = 0 and hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1 and arbitrary_dh_groups = 0 and ssh_certs = 0 and ssh_etm = 0 and cipher@TLS = and cipher@SSH = and group@SSH = and protocol@IKE =; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_etm = 0 is deprecated, please rewrite your rules using mac = and group = and hash = and sign = and cipher = and key_exchange = and protocol = and min_tls_version = 0 and min_dtls_version = 0 and min_dh_size = 0 and min_dsa_size = 0 and min_rsa_size = 0 and sha1_in_certs = 0 and hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1 and arbitrary_dh_groups = 0 and ssh_certs = 0 and etm@SSH = DISABLE_ETM and cipher@TLS = and cipher@SSH = and group@SSH = and protocol@IKE =; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 0 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-256 HMAC-SHA1 HMAC-SHA2-384 HMAC-SHA2-512 and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and mac@krb5 = -HMAC-SHA1 and mac@krb5 = HMAC-SHA1+ and group = SECP256R1 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 and hash = SHA2-256 SHA2-384 SHA2-512 SHA2-224 SHA3-256 SHA3-384 SHA3-512 SHAKE-256 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 and cipher = AES-256-GCM AES-256-CCM AES-256-CTR AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CTR AES-128-CBC and cipher@{RPM,sequoia} = AES-*-CFB and cipher@*sequoia = -*-192-CFB and key_exchange = ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 2048 and min_dsa_size = 2048 and min_rsa_size = 2048 and sha1_in_certs = 0 and hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1 and arbitrary_dh_groups = 1 and ssh_certs = 1 and ssh_etm = 1 and __ems = ENFORCE and cipher@TLS = AES-256-GCM AES-256-CCM AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CBC and cipher@SSH = AES-256-GCM AES-256-CTR AES-128-GCM AES-128-CTR and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-256 HMAC-SHA1 HMAC-SHA2-384 HMAC-SHA2-512 and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and mac@krb5 = -HMAC-SHA1 and mac@krb5 = HMAC-SHA1+ and group = SECP256R1 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 and hash = SHA2-256 SHA2-384 SHA2-512 SHA2-224 SHA3-256 SHA3-384 SHA3-512 SHAKE-256 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 and cipher = AES-256-GCM AES-256-CCM AES-256-CTR AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CTR AES-128-CBC and cipher@{RPM,sequoia} = AES-*-CFB and cipher@*sequoia = -*-192-CFB and key_exchange = ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 2048 and min_dsa_size = 2048 and min_rsa_size = 2048 and sha1_in_certs = 0 and hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1 and arbitrary_dh_groups = 1 and ssh_certs = 1 and etm@SSH = ANY and __ems = ENFORCE and cipher@TLS = AES-256-GCM AES-256-CCM AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CBC and cipher@SSH = AES-256-GCM AES-256-CTR AES-128-GCM AES-128-CTR and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement
gnutls[2]: Enabled GnuTLS 3.8.5 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpztaxla8_ mtime 1718768269
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 14
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 8
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 11
NSS-POLICY-INFO: NUMBER-OF-ECC: 4
NSS-POLICY-INFO: NUMBER-OF-HASH: 4
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 4
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 18
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 0 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-256 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512 and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 and hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHAKE-256 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 and cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 CAMELLIA-256-GCM AES-256-CTR AES-256-CBC CAMELLIA-256-CBC AES-256-CFB CAMELLIA-256-CFB and cipher@sequoia = *-256-CFB and key_exchange = ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK ECDHE-GSS DHE-GSS and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 3072 and min_dsa_size = 3072 and min_rsa_size = 3072 and sha1_in_certs = 0 and hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1 and arbitrary_dh_groups = 1 and ssh_certs = 1 and ssh_etm = 1 and __openssl_block_sha1_signatures = 1 and cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 and cipher@SSH = AES-256-GCM CHACHA20-POLY1305 AES-256-CTR and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-256 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512 and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 and hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHAKE-256 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 and cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 CAMELLIA-256-GCM AES-256-CTR AES-256-CBC CAMELLIA-256-CBC AES-256-CFB CAMELLIA-256-CFB and cipher@sequoia = *-256-CFB and key_exchange = ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK ECDHE-GSS DHE-GSS and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 3072 and min_dsa_size = 3072 and min_rsa_size = 3072 and sha1_in_certs = 0 and hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1 and arbitrary_dh_groups = 1 and ssh_certs = 1 and etm@SSH = ANY and __openssl_block_sha1_signatures = 1 and cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 and cipher@SSH = AES-256-GCM CHACHA20-POLY1305 AES-256-CTR and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement
gnutls[2]: Enabled GnuTLS 3.8.5 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpqjtkeeqj mtime 1718768269
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 14
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 5
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 11
NSS-POLICY-INFO: NUMBER-OF-ECC: 5
NSS-POLICY-INFO: NUMBER-OF-HASH: 3
NSS-POLICY-INFO: NUMBER-OF-MAC: 3
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 2
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 8
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_group is deprecated, please rewrite your rules using group@SSH; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 1 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-256 HMAC-SHA1 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512 and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and mac@krb5 = -HMAC-SHA1 and mac@krb5 = HMAC-SHA1+ and group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 FFDHE-1536 and hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA*-224 SHAKE-* SHA1 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 ECDSA-SHA3-224 RSA-PSS-SHA3-224 RSA-SHA3-224 DSA-SHA2-256 DSA-SHA2-384 DSA-SHA2-512 DSA-SHA2-224 DSA-SHA3-256 DSA-SHA3-384 DSA-SHA3-512 ECDSA-SHA1 RSA-PSS-SHA1 RSA-SHA1 DSA-SHA1 and cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 CAMELLIA-256-GCM AES-256-CTR AES-256-CBC CAMELLIA-256-CBC AES-128-GCM AES-128-CCM CAMELLIA-128-GCM AES-128-CTR AES-128-CBC CAMELLIA-128-CBC 3DES-CBC and cipher@{RPM,sequoia} = AES-*-CFB CAMELLIA-*-CFB and cipher@*sequoia = -*-192-CFB and key_exchange = ECDHE RSA DHE DHE-RSA DHE-DSS PSK DHE-PSK ECDHE-PSK RSA-PSK ECDHE-GSS DHE-GSS and protocol = TLS1.3 TLS1.2 TLS1.1 TLS1.0 DTLS1.2 DTLS1.0 and min_tls_version = TLS1.0 and min_dtls_version = DTLS1.0 and min_dh_size = 1024 and min_dsa_size = 1024 and min_rsa_size = 1024 and sha1_in_certs = 1 and hash@DNSSec = SHA1+ and sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+ and arbitrary_dh_groups = 1 and ssh_certs = 1 and ssh_etm = 1 and cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CBC 3DES-CBC and cipher@SSH = AES-256-GCM CHACHA20-POLY1305 AES-256-CTR AES-256-CBC AES-128-GCM AES-128-CTR AES-128-CBC 3DES-CBC and group@SSH = X25519 SECP256R1 X448 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 FFDHE-1536 FFDHE-1024 and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-256 HMAC-SHA1 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512 and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and mac@krb5 = -HMAC-SHA1 and mac@krb5 = HMAC-SHA1+ and group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 FFDHE-1536 and hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA*-224 SHAKE-* SHA1 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 ECDSA-SHA3-224 RSA-PSS-SHA3-224 RSA-SHA3-224 DSA-SHA2-256 DSA-SHA2-384 DSA-SHA2-512 DSA-SHA2-224 DSA-SHA3-256 DSA-SHA3-384 DSA-SHA3-512 ECDSA-SHA1 RSA-PSS-SHA1 RSA-SHA1 DSA-SHA1 and cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 CAMELLIA-256-GCM AES-256-CTR AES-256-CBC CAMELLIA-256-CBC AES-128-GCM AES-128-CCM CAMELLIA-128-GCM AES-128-CTR AES-128-CBC CAMELLIA-128-CBC 3DES-CBC and cipher@{RPM,sequoia} = AES-*-CFB CAMELLIA-*-CFB and cipher@*sequoia = -*-192-CFB and key_exchange = ECDHE RSA DHE DHE-RSA DHE-DSS PSK DHE-PSK ECDHE-PSK RSA-PSK ECDHE-GSS DHE-GSS and protocol = TLS1.3 TLS1.2 TLS1.1 TLS1.0 DTLS1.2 DTLS1.0 and min_tls_version = TLS1.0 and min_dtls_version = DTLS1.0 and min_dh_size = 1024 and min_dsa_size = 1024 and min_rsa_size = 1024 and sha1_in_certs = 1 and hash@DNSSec = SHA1+ and sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+ and arbitrary_dh_groups = 1 and ssh_certs = 1 and etm@SSH = ANY and cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CBC 3DES-CBC and cipher@SSH = AES-256-GCM CHACHA20-POLY1305 AES-256-CTR AES-256-CBC AES-128-GCM AES-128-CTR AES-128-CBC 3DES-CBC and group@SSH = X25519 SECP256R1 X448 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 FFDHE-1536 FFDHE-1024 and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement
gnutls[2]: Enabled GnuTLS 3.8.5 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: marking hash SHAKE-128 as secure
gnutls[2]: cfg: marking hash SHA1 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature DSA-SHA256 as secure
gnutls[2]: cfg: marking signature DSA-SHA384 as secure
gnutls[2]: cfg: marking signature DSA-SHA512 as secure
gnutls[2]: cfg: marking signature DSA-SHA224 as secure
gnutls[2]: cfg: marking signature DSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature DSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature DSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure
gnutls[2]: cfg: marking signature RSA-SHA1 as secure
gnutls[2]: cfg: marking signature DSA-SHA1 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA1 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA1 as secure for certs
gnutls[2]: cfg: marking signature rsa-sha1 as secure for certs
gnutls[2]: cfg: marking signature dsa-sha1 as secure for certs
gnutls[2]: cfg: marking signature ecdsa-sha1 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling cipher 3DES-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-DSS for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version TLS1.1
gnutls[2]: cfg: enabling version TLS1.0
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: enabling version DTLS1.0
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpgecw099x mtime 1718768269
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA1 is enabled for SSL-KX
NSS-POLICY-INFO: SHA1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: DES-EDE3-CBC is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-DSS is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: DSA is enabled for SSL-KX
NSS-POLICY-INFO: DSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 19
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 10
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 14
NSS-POLICY-INFO: NUMBER-OF-ECC: 5
NSS-POLICY-INFO: NUMBER-OF-HASH: 5
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 6
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 5
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_3DES_EDE_CBC_SHA is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 33
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 1 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-256 HMAC-SHA1 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512 and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and mac@krb5 = -HMAC-SHA1 and mac@krb5 = HMAC-SHA1+ and group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 and hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA*-224 SHAKE-256 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 ECDSA-SHA3-224 RSA-PSS-SHA3-224 RSA-SHA3-224 and cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 CAMELLIA-256-GCM AES-256-CTR AES-256-CBC CAMELLIA-256-CBC AES-128-GCM AES-128-CCM CAMELLIA-128-GCM AES-128-CTR AES-128-CBC CAMELLIA-128-CBC and cipher@*sequoia = AES-*-CFB CAMELLIA-*-CFB and cipher@{rpm-sequoia,sequoia} = -*-192-CFB and key_exchange = ECDHE RSA DHE DHE-RSA PSK DHE-PSK ECDHE-PSK RSA-PSK ECDHE-GSS DHE-GSS and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 2048 and min_dsa_size = 2048 and min_rsa_size = 2048 and sha1_in_certs = 0 and hash@DNSSec = SHA1+ and sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+ and arbitrary_dh_groups = 1 and ssh_certs = 1 and ssh_etm = 1 and sign@rpm-sequoia = DSA-SHA1+ and hash@rpm-sequoia = SHA1+ and min_dsa_size@rpm-sequoia = 1024 and __openssl_block_sha1_signatures = 1 and cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CBC and cipher@SSH = AES-256-GCM CHACHA20-POLY1305 AES-256-CTR AES-128-GCM AES-128-CTR and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-256 HMAC-SHA1 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512 and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and mac@krb5 = -HMAC-SHA1 and mac@krb5 = HMAC-SHA1+ and group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 and hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA*-224 SHAKE-256 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 ECDSA-SHA3-224 RSA-PSS-SHA3-224 RSA-SHA3-224 and cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 CAMELLIA-256-GCM AES-256-CTR AES-256-CBC CAMELLIA-256-CBC AES-128-GCM AES-128-CCM CAMELLIA-128-GCM AES-128-CTR AES-128-CBC CAMELLIA-128-CBC and cipher@*sequoia = AES-*-CFB CAMELLIA-*-CFB and cipher@{rpm-sequoia,sequoia} = -*-192-CFB and key_exchange = ECDHE RSA DHE DHE-RSA PSK DHE-PSK ECDHE-PSK RSA-PSK ECDHE-GSS DHE-GSS and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 2048 and min_dsa_size = 2048 and min_rsa_size = 2048 and sha1_in_certs = 0 and hash@DNSSec = SHA1+ and sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+ and arbitrary_dh_groups = 1 and ssh_certs = 1 and etm@SSH = ANY and sign@rpm-sequoia = DSA-SHA1+ and hash@rpm-sequoia = SHA1+ and min_dsa_size@rpm-sequoia = 1024 and __openssl_block_sha1_signatures = 1 and cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CBC and cipher@SSH = AES-256-GCM CHACHA20-POLY1305 AES-256-CTR AES-128-GCM AES-128-CTR and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement
gnutls[2]: Enabled GnuTLS 3.8.5 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmp11dhc5qz mtime 1718768269
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 16
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 12
NSS-POLICY-INFO: NUMBER-OF-ECC: 5
NSS-POLICY-INFO: NUMBER-OF-HASH: 4
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
python/build-crypto-policies.py --policy FIPS:OSPP --test --flat tests/alternative-policies output/alt
PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 0 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-256 HMAC-SHA1 HMAC-SHA2-384 HMAC-SHA2-512 and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and mac@krb5 = -HMAC-SHA1 and mac@krb5 = HMAC-SHA1+ and group = SECP256R1 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 and hash = SHA2-256 SHA2-384 SHA2-512 SHA2-224 SHA3-256 SHA3-384 SHA3-512 SHAKE-256 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 and cipher = AES-256-GCM AES-256-CCM AES-256-CTR AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CTR AES-128-CBC and cipher@{RPM,sequoia} = AES-*-CFB and cipher@*sequoia = -*-192-CFB and key_exchange = ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 2048 and min_dsa_size = 2048 and min_rsa_size = 2048 and sha1_in_certs = 0 and hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1 and arbitrary_dh_groups = 1 and ssh_certs = 1 and ssh_etm = 1 and __ems = ENFORCE and cipher@TLS = AES-256-GCM AES-256-CCM AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CBC and cipher@SSH = AES-256-GCM AES-256-CTR AES-128-GCM AES-128-CTR and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-256 HMAC-SHA1 HMAC-SHA2-384 HMAC-SHA2-512 and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and mac@krb5 = -HMAC-SHA1 and mac@krb5 = HMAC-SHA1+ and group = SECP256R1 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 and hash = SHA2-256 SHA2-384 SHA2-512 SHA2-224 SHA3-256 SHA3-384 SHA3-512 SHAKE-256 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 and cipher = AES-256-GCM AES-256-CCM AES-256-CTR AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CTR AES-128-CBC and cipher@{RPM,sequoia} = AES-*-CFB and cipher@*sequoia = -*-192-CFB and key_exchange = ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 2048 and min_dsa_size = 2048 and min_rsa_size = 2048 and sha1_in_certs = 0 and hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1 and arbitrary_dh_groups = 1 and ssh_certs = 1 and etm@SSH = ANY and __ems = ENFORCE and cipher@TLS = AES-256-GCM AES-256-CCM AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CBC and cipher@SSH = AES-256-GCM AES-256-CTR AES-128-GCM AES-128-CTR and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement
gnutls[2]: Enabled GnuTLS 3.8.5 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpe12462ho mtime 1718768269
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 11
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 5
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 8
NSS-POLICY-INFO: NUMBER-OF-ECC: 2
NSS-POLICY-INFO: NUMBER-OF-HASH: 3
NSS-POLICY-INFO: NUMBER-OF-MAC: 3
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 2
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 5
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
python/build-crypto-policies.py --policy FIPS:ECDHE-ONLY --test --flat tests/alternative-policies output/alt
PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 0 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-256 HMAC-SHA1 HMAC-SHA2-384 HMAC-SHA2-512 and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and mac@krb5 = -HMAC-SHA1 and mac@krb5 = HMAC-SHA1+ and group = SECP256R1 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 and hash = SHA2-256 SHA2-384 SHA2-512 SHA2-224 SHA3-256 SHA3-384 SHA3-512 SHAKE-256 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 and cipher = AES-256-GCM AES-256-CCM AES-256-CTR AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CTR AES-128-CBC and cipher@{RPM,sequoia} = AES-*-CFB and cipher@*sequoia = -*-192-CFB and key_exchange = ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 2048 and min_dsa_size = 2048 and min_rsa_size = 2048 and sha1_in_certs = 0 and hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1 and arbitrary_dh_groups = 1 and ssh_certs = 1 and ssh_etm = 1 and __ems = ENFORCE and cipher@TLS = AES-256-GCM AES-256-CCM AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CBC and cipher@SSH = AES-256-GCM AES-256-CTR AES-128-GCM AES-128-CTR and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-256 HMAC-SHA1 HMAC-SHA2-384 HMAC-SHA2-512 and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and mac@krb5 = -HMAC-SHA1 and mac@krb5 = HMAC-SHA1+ and group = SECP256R1 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 and hash = SHA2-256 SHA2-384 SHA2-512 SHA2-224 SHA3-256 SHA3-384 SHA3-512 SHAKE-256 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 and cipher = AES-256-GCM AES-256-CCM AES-256-CTR AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CTR AES-128-CBC and cipher@{RPM,sequoia} = AES-*-CFB and cipher@*sequoia = -*-192-CFB and key_exchange = ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 2048 and min_dsa_size = 2048 and min_rsa_size = 2048 and sha1_in_certs = 0 and hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1 and arbitrary_dh_groups = 1 and ssh_certs = 1 and etm@SSH = ANY and __ems = ENFORCE and cipher@TLS = AES-256-GCM AES-256-CCM AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CBC and cipher@SSH = AES-256-GCM AES-256-CTR AES-128-GCM AES-128-CTR and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement
gnutls[2]: Enabled GnuTLS 3.8.5 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmp74dvwz6f mtime 1718768269
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 13
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 8
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 11
NSS-POLICY-INFO: NUMBER-OF-ECC: 4
NSS-POLICY-INFO: NUMBER-OF-HASH: 4
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 4
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 2
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 12
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
python/build-crypto-policies.py --policy FIPS:NO-ENFORCE-EMS --test --flat tests/alternative-policies output/alt
PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 0 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-256 HMAC-SHA1 HMAC-SHA2-384 HMAC-SHA2-512 and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and mac@krb5 = -HMAC-SHA1 and mac@krb5 = HMAC-SHA1+ and group = SECP256R1 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 and hash = SHA2-256 SHA2-384 SHA2-512 SHA2-224 SHA3-256 SHA3-384 SHA3-512 SHAKE-256 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 and cipher = AES-256-GCM AES-256-CCM AES-256-CTR AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CTR AES-128-CBC and cipher@{RPM,sequoia} = AES-*-CFB and cipher@*sequoia = -*-192-CFB and key_exchange = ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 2048 and min_dsa_size = 2048 and min_rsa_size = 2048 and sha1_in_certs = 0 and hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1 and arbitrary_dh_groups = 1 and ssh_certs = 1 and ssh_etm = 1 and __ems = ENFORCE and cipher@TLS = AES-256-GCM AES-256-CCM AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CBC and cipher@SSH = AES-256-GCM AES-256-CTR AES-128-GCM AES-128-CTR and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-256 HMAC-SHA1 HMAC-SHA2-384 HMAC-SHA2-512 and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and mac@krb5 = -HMAC-SHA1 and mac@krb5 = HMAC-SHA1+ and group = SECP256R1 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 and hash = SHA2-256 SHA2-384 SHA2-512 SHA2-224 SHA3-256 SHA3-384 SHA3-512 SHAKE-256 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 and cipher = AES-256-GCM AES-256-CCM AES-256-CTR AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CTR AES-128-CBC and cipher@{RPM,sequoia} = AES-*-CFB and cipher@*sequoia = -*-192-CFB and key_exchange = ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 2048 and min_dsa_size = 2048 and min_rsa_size = 2048 and sha1_in_certs = 0 and hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1 and arbitrary_dh_groups = 1 and ssh_certs = 1 and etm@SSH = ANY and __ems = ENFORCE and cipher@TLS = AES-256-GCM AES-256-CCM AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CBC and cipher@SSH = AES-256-GCM AES-256-CTR AES-128-GCM AES-128-CTR and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement
gnutls[2]: Enabled GnuTLS 3.8.5 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmp_st5bk_l mtime 1718768270
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 14
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 8
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 11
NSS-POLICY-INFO: NUMBER-OF-ECC: 4
NSS-POLICY-INFO: NUMBER-OF-HASH: 4
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 4
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 18
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
python/build-crypto-policies.py --policy GOST-ONLY --test --flat tests/alternative-policies output/alt
PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement
python/build-crypto-policies.py --policy LEGACY:AD-SUPPORT --test --flat tests/alternative-policies output/alt
PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_group is deprecated, please rewrite your rules using group@SSH; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 1 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-256 HMAC-SHA1 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512 and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and mac@krb5 = -HMAC-SHA1 and mac@krb5 = HMAC-SHA1+ and group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 FFDHE-1536 and hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA*-224 SHAKE-* SHA1 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 ECDSA-SHA3-224 RSA-PSS-SHA3-224 RSA-SHA3-224 DSA-SHA2-256 DSA-SHA2-384 DSA-SHA2-512 DSA-SHA2-224 DSA-SHA3-256 DSA-SHA3-384 DSA-SHA3-512 ECDSA-SHA1 RSA-PSS-SHA1 RSA-SHA1 DSA-SHA1 and cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 CAMELLIA-256-GCM AES-256-CTR AES-256-CBC CAMELLIA-256-CBC AES-128-GCM AES-128-CCM CAMELLIA-128-GCM AES-128-CTR AES-128-CBC CAMELLIA-128-CBC 3DES-CBC and cipher@{RPM,sequoia} = AES-*-CFB CAMELLIA-*-CFB and cipher@*sequoia = -*-192-CFB and key_exchange = ECDHE RSA DHE DHE-RSA DHE-DSS PSK DHE-PSK ECDHE-PSK RSA-PSK ECDHE-GSS DHE-GSS and protocol = TLS1.3 TLS1.2 TLS1.1 TLS1.0 DTLS1.2 DTLS1.0 and min_tls_version = TLS1.0 and min_dtls_version = DTLS1.0 and min_dh_size = 1024 and min_dsa_size = 1024 and min_rsa_size = 1024 and sha1_in_certs = 1 and hash@DNSSec = SHA1+ and sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+ and arbitrary_dh_groups = 1 and ssh_certs = 1 and ssh_etm = 1 and cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CBC 3DES-CBC and cipher@SSH = AES-256-GCM CHACHA20-POLY1305 AES-256-CTR AES-256-CBC AES-128-GCM AES-128-CTR AES-128-CBC 3DES-CBC and group@SSH = X25519 SECP256R1 X448 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 FFDHE-1536 FFDHE-1024 and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-256 HMAC-SHA1 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512 and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and mac@krb5 = -HMAC-SHA1 and mac@krb5 = HMAC-SHA1+ and group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 FFDHE-1536 and hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA*-224 SHAKE-* SHA1 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 ECDSA-SHA3-224 RSA-PSS-SHA3-224 RSA-SHA3-224 DSA-SHA2-256 DSA-SHA2-384 DSA-SHA2-512 DSA-SHA2-224 DSA-SHA3-256 DSA-SHA3-384 DSA-SHA3-512 ECDSA-SHA1 RSA-PSS-SHA1 RSA-SHA1 DSA-SHA1 and cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 CAMELLIA-256-GCM AES-256-CTR AES-256-CBC CAMELLIA-256-CBC AES-128-GCM AES-128-CCM CAMELLIA-128-GCM AES-128-CTR AES-128-CBC CAMELLIA-128-CBC 3DES-CBC and cipher@{RPM,sequoia} = AES-*-CFB CAMELLIA-*-CFB and cipher@*sequoia = -*-192-CFB and key_exchange = ECDHE RSA DHE DHE-RSA DHE-DSS PSK DHE-PSK ECDHE-PSK RSA-PSK ECDHE-GSS DHE-GSS and protocol = TLS1.3 TLS1.2 TLS1.1 TLS1.0 DTLS1.2 DTLS1.0 and min_tls_version = TLS1.0 and min_dtls_version = DTLS1.0 and min_dh_size = 1024 and min_dsa_size = 1024 and min_rsa_size = 1024 and sha1_in_certs = 1 and hash@DNSSec = SHA1+ and sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+ and arbitrary_dh_groups = 1 and ssh_certs = 1 and etm@SSH = ANY and cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CBC 3DES-CBC and cipher@SSH = AES-256-GCM CHACHA20-POLY1305 AES-256-CTR AES-256-CBC AES-128-GCM AES-128-CTR AES-128-CBC 3DES-CBC and group@SSH = X25519 SECP256R1 X448 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 FFDHE-1536 FFDHE-1024 and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement
gnutls[2]: Enabled GnuTLS 3.8.5 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: marking hash SHAKE-128 as secure
gnutls[2]: cfg: marking hash SHA1 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature DSA-SHA256 as secure
gnutls[2]: cfg: marking signature DSA-SHA384 as secure
gnutls[2]: cfg: marking signature DSA-SHA512 as secure
gnutls[2]: cfg: marking signature DSA-SHA224 as secure
gnutls[2]: cfg: marking signature DSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature DSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature DSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure
gnutls[2]: cfg: marking signature RSA-SHA1 as secure
gnutls[2]: cfg: marking signature DSA-SHA1 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA1 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA1 as secure for certs
gnutls[2]: cfg: marking signature rsa-sha1 as secure for certs
gnutls[2]: cfg: marking signature dsa-sha1 as secure for certs
gnutls[2]: cfg: marking signature ecdsa-sha1 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling cipher 3DES-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-DSS for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version TLS1.1
gnutls[2]: cfg: enabling version TLS1.0
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: enabling version DTLS1.0
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpwdzaavjg mtime 1718768270
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA1 is enabled for SSL-KX
NSS-POLICY-INFO: SHA1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: DES-EDE3-CBC is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-DSS is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: DSA is enabled for SSL-KX
NSS-POLICY-INFO: DSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 19
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 10
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 14
NSS-POLICY-INFO: NUMBER-OF-ECC: 5
NSS-POLICY-INFO: NUMBER-OF-HASH: 5
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 6
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 5
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_3DES_EDE_CBC_SHA is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 33
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
python/build-crypto-policies.py --policy DEFAULT:GOST --test --flat tests/alternative-policies output/alt
PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 1 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-256 HMAC-SHA1 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512 and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and mac@krb5 = -HMAC-SHA1 and mac@krb5 = HMAC-SHA1+ and group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 and hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA*-224 SHAKE-256 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 ECDSA-SHA3-224 RSA-PSS-SHA3-224 RSA-SHA3-224 and cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 CAMELLIA-256-GCM AES-256-CTR AES-256-CBC CAMELLIA-256-CBC AES-128-GCM AES-128-CCM CAMELLIA-128-GCM AES-128-CTR AES-128-CBC CAMELLIA-128-CBC and cipher@*sequoia = AES-*-CFB CAMELLIA-*-CFB and cipher@{rpm-sequoia,sequoia} = -*-192-CFB and key_exchange = ECDHE RSA DHE DHE-RSA PSK DHE-PSK ECDHE-PSK RSA-PSK ECDHE-GSS DHE-GSS and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 2048 and min_dsa_size = 2048 and min_rsa_size = 2048 and sha1_in_certs = 0 and hash@DNSSec = SHA1+ and sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+ and arbitrary_dh_groups = 1 and ssh_certs = 1 and ssh_etm = 1 and sign@rpm-sequoia = DSA-SHA1+ and hash@rpm-sequoia = SHA1+ and min_dsa_size@rpm-sequoia = 1024 and cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CBC and cipher@SSH = AES-256-GCM CHACHA20-POLY1305 AES-256-CTR AES-128-GCM AES-128-CTR and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-256 HMAC-SHA1 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512 and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and mac@krb5 = -HMAC-SHA1 and mac@krb5 = HMAC-SHA1+ and group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 and hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA*-224 SHAKE-256 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 ECDSA-SHA3-224 RSA-PSS-SHA3-224 RSA-SHA3-224 and cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 CAMELLIA-256-GCM AES-256-CTR AES-256-CBC CAMELLIA-256-CBC AES-128-GCM AES-128-CCM CAMELLIA-128-GCM AES-128-CTR AES-128-CBC CAMELLIA-128-CBC and cipher@*sequoia = AES-*-CFB CAMELLIA-*-CFB and cipher@{rpm-sequoia,sequoia} = -*-192-CFB and key_exchange = ECDHE RSA DHE DHE-RSA PSK DHE-PSK ECDHE-PSK RSA-PSK ECDHE-GSS DHE-GSS and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 2048 and min_dsa_size = 2048 and min_rsa_size = 2048 and sha1_in_certs = 0 and hash@DNSSec = SHA1+ and sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+ and arbitrary_dh_groups = 1 and ssh_certs = 1 and etm@SSH = ANY and sign@rpm-sequoia = DSA-SHA1+ and hash@rpm-sequoia = SHA1+ and min_dsa_size@rpm-sequoia = 1024 and cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CBC and cipher@SSH = AES-256-GCM CHACHA20-POLY1305 AES-256-CTR AES-128-GCM AES-128-CTR and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement
gnutls[2]: Enabled GnuTLS 3.8.5 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmp6gnwmw2m mtime 1718768270
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 16
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 12
NSS-POLICY-INFO: NUMBER-OF-ECC: 5
NSS-POLICY-INFO: NUMBER-OF-HASH: 4
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
python/build-crypto-policies.py --policy DEFAULT:TEST-PQ --test --flat tests/alternative-policies output/alt
PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 1 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-256 HMAC-SHA1 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512 and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and mac@krb5 = -HMAC-SHA1 and mac@krb5 = HMAC-SHA1+ and group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 and hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA*-224 SHAKE-256 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 ECDSA-SHA3-224 RSA-PSS-SHA3-224 RSA-SHA3-224 and cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 CAMELLIA-256-GCM AES-256-CTR AES-256-CBC CAMELLIA-256-CBC AES-128-GCM AES-128-CCM CAMELLIA-128-GCM AES-128-CTR AES-128-CBC CAMELLIA-128-CBC and cipher@*sequoia = AES-*-CFB CAMELLIA-*-CFB and cipher@{rpm-sequoia,sequoia} = -*-192-CFB and key_exchange = ECDHE RSA DHE DHE-RSA PSK DHE-PSK ECDHE-PSK RSA-PSK ECDHE-GSS DHE-GSS and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 2048 and min_dsa_size = 2048 and min_rsa_size = 2048 and sha1_in_certs = 0 and hash@DNSSec = SHA1+ and sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+ and arbitrary_dh_groups = 1 and ssh_certs = 1 and ssh_etm = 1 and sign@rpm-sequoia = DSA-SHA1+ and hash@rpm-sequoia = SHA1+ and min_dsa_size@rpm-sequoia = 1024 and cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CBC and cipher@SSH = AES-256-GCM CHACHA20-POLY1305 AES-256-CTR AES-128-GCM AES-128-CTR and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using mac = AEAD HMAC-SHA2-256 HMAC-SHA1 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512 and mac@krb5 = -HMAC-SHA2-384 and mac@krb5 = +HMAC-SHA2-384 and mac@krb5 = -HMAC-SHA1 and mac@krb5 = HMAC-SHA1+ and group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 and hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA*-224 SHAKE-256 and sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO ECDSA-SHA3-384 ECDSA-SHA2-384 ECDSA-SHA3-512 ECDSA-SHA2-512 EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 RSA-SHA3-256 RSA-SHA2-256 RSA-SHA3-384 RSA-SHA2-384 RSA-SHA3-512 RSA-SHA2-512 ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 ECDSA-SHA3-224 RSA-PSS-SHA3-224 RSA-SHA3-224 and cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 CAMELLIA-256-GCM AES-256-CTR AES-256-CBC CAMELLIA-256-CBC AES-128-GCM AES-128-CCM CAMELLIA-128-GCM AES-128-CTR AES-128-CBC CAMELLIA-128-CBC and cipher@*sequoia = AES-*-CFB CAMELLIA-*-CFB and cipher@{rpm-sequoia,sequoia} = -*-192-CFB and key_exchange = ECDHE RSA DHE DHE-RSA PSK DHE-PSK ECDHE-PSK RSA-PSK ECDHE-GSS DHE-GSS and protocol = TLS1.3 TLS1.2 DTLS1.2 and min_tls_version = TLS1.2 and min_dtls_version = DTLS1.2 and min_dh_size = 2048 and min_dsa_size = 2048 and min_rsa_size = 2048 and sha1_in_certs = 0 and hash@DNSSec = SHA1+ and sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+ and arbitrary_dh_groups = 1 and ssh_certs = 1 and etm@SSH = ANY and sign@rpm-sequoia = DSA-SHA1+ and hash@rpm-sequoia = SHA1+ and min_dsa_size@rpm-sequoia = 1024 and cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CBC and cipher@SSH = AES-256-GCM CHACHA20-POLY1305 AES-256-CTR AES-128-GCM AES-128-CTR and protocol@IKE = IKEv2; be advised that it is not always a 1-1 replacement
ExperimentalValueWarning: `group` values `MLKEM512`, `P256-MLKEM512`, `X25519-MLKEM512`, `MLKEM768`, `P384-MLKEM768`, `X448-MLKEM768`, `X25519-MLKEM768`, `P256-MLKEM768`, `MLKEM1024`, `P521-MLKEM1024`, `P384-MLKEM1024` are experimental and might go away in the future
ExperimentalValueWarning: `group` values `KYBER768`, `X25519-KYBER768`, `P256-KYBER768` are experimental and might go away in the future
ExperimentalValueWarning: `sign` values `SPHINCSSHA2128FSIMPLE`, `P256-SPHINCSSHA2128FSIMPLE`, `RSA3072-SPHINCSSHA2128FSIMPLE`, `SPHINCSSHA2128SSIMPLE`, `P256-SPHINCSSHA2128SSIMPLE`, `RSA3072-SPHINCSSHA2128SSIMPLE`, `SPHINCSSHA2192FSIMPLE`, `P384-SPHINCSSHA2192FSIMPLE`, `SPHINCSSHAKE128FSIMPLE`, `P256-SPHINCSSHAKE128FSIMPLE`, `RSA3072-SPHINCSSHAKE128FSIMPLE` are experimental and might go away in the future
ExperimentalValueWarning: `sign` values `FALCON512`, `P256-FALCON512`, `RSA3072-FALCON512`, `FALCONPADDED512`, `P256-FALCONPADDED512`, `RSA3072-FALCONPADDED512`, `FALCON1024`, `P521-FALCON1024`, `FALCONPADDED1024`, `P521-FALCONPADDED1024` are experimental and might go away in the future
ExperimentalValueWarning: `sign` values `MLDSA87`, `P521-MLDSA87`, `MLDSA87-P384`, `MLDSA87-BP384`, `MLDSA87-ED448` are experimental and might go away in the future
ExperimentalValueWarning: `sign` values `MLDSA65`, `P384-MLDSA65`, `MLDSA65-PSS3072`, `MLDSA65-RSA3072`, `MLDSA65-P256`, `MLDSA65-BP256`, `MLDSA65-ED25519` are experimental and might go away in the future
ExperimentalValueWarning: `sign` values `MLDSA44`, `P256-MLDSA44`, `RSA3072-MLDSA44`, `MLDSA44-PSS2048`, `MLDSA44-RSA2048`, `MLDSA44-ED25519`, `MLDSA44-P256`, `MLDSA44-BP256` are experimental and might go away in the future
gnutls[2]: Enabled GnuTLS 3.8.5 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpuauw6jul mtime 1718768270
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 16
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 12
NSS-POLICY-INFO: NUMBER-OF-ECC: 5
NSS-POLICY-INFO: NUMBER-OF-HASH: 4
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
python/build-crypto-policies.py --policy TEST-FEDORA41 --test --flat policies output/alt
gnutls[2]: Enabled GnuTLS 3.8.5 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmptusfqjiv mtime 1718768270
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 16
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 12
NSS-POLICY-INFO: NUMBER-OF-ECC: 5
NSS-POLICY-INFO: NUMBER-OF-HASH: 4
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
+ RPM_EC=0
++ jobs -p
+ exit 0
Processing files: crypto-policies-20240521-1.gitf71d135.fc41.noarch
Executing(%license): /bin/sh -e /var/tmp/rpm-tmp.LuEFzV
+ umask 022
+ cd /builddir/build/BUILD/crypto-policies-20240521-build
+ cd fedora-crypto-policies-f71d135-f71d135074d5c2c1b03002d327c7eee9a2a2cb42
+ LICENSEDIR=/builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/licenses/crypto-policies
+ export LC_ALL=C.UTF-8
+ LC_ALL=C.UTF-8
+ export LICENSEDIR
+ /usr/bin/mkdir -p /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/licenses/crypto-policies
+ cp -pr /builddir/build/BUILD/crypto-policies-20240521-build/fedora-crypto-policies-f71d135-f71d135074d5c2c1b03002d327c7eee9a2a2cb42/COPYING.LESSER /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT/usr/share/licenses/crypto-policies
+ RPM_EC=0
++ jobs -p
+ exit 0
warning: absolute symlink: /etc/crypto-policies/back-ends/bind.config -> /usr/share/crypto-policies/DEFAULT/bind.txt
warning: absolute symlink: /etc/crypto-policies/back-ends/gnutls.config -> /usr/share/crypto-policies/DEFAULT/gnutls.txt
warning: absolute symlink: /etc/crypto-policies/back-ends/java.config -> /usr/share/crypto-policies/DEFAULT/java.txt
warning: absolute symlink: /etc/crypto-policies/back-ends/javasystem.config -> /usr/share/crypto-policies/DEFAULT/javasystem.txt
warning: absolute symlink: /etc/crypto-policies/back-ends/krb5.config -> /usr/share/crypto-policies/DEFAULT/krb5.txt
warning: absolute symlink: /etc/crypto-policies/back-ends/libreswan.config -> /usr/share/crypto-policies/DEFAULT/libreswan.txt
warning: absolute symlink: /etc/crypto-policies/back-ends/libssh.config -> /usr/share/crypto-policies/DEFAULT/libssh.txt
warning: absolute symlink: /etc/crypto-policies/back-ends/nss.config -> /usr/share/crypto-policies/DEFAULT/nss.txt
warning: absolute symlink: /etc/crypto-policies/back-ends/openssh.config -> /usr/share/crypto-policies/DEFAULT/openssh.txt
warning: absolute symlink: /etc/crypto-policies/back-ends/opensshserver.config -> /usr/share/crypto-policies/DEFAULT/opensshserver.txt
warning: absolute symlink: /etc/crypto-policies/back-ends/openssl.config -> /usr/share/crypto-policies/DEFAULT/openssl.txt
warning: absolute symlink: /etc/crypto-policies/back-ends/openssl_fips.config -> /usr/share/crypto-policies/DEFAULT/openssl_fips.txt
warning: absolute symlink: /etc/crypto-policies/back-ends/opensslcnf.config -> /usr/share/crypto-policies/DEFAULT/opensslcnf.txt
warning: absolute symlink: /etc/crypto-policies/back-ends/rpm-sequoia.config -> /usr/share/crypto-policies/DEFAULT/rpm-sequoia.txt
warning: absolute symlink: /etc/crypto-policies/back-ends/sequoia.config -> /usr/share/crypto-policies/DEFAULT/sequoia.txt
Provides: config(crypto-policies) = 20240521-1.gitf71d135.fc41 crypto-policies = 20240521-1.gitf71d135.fc41
Requires(rpmlib): rpmlib(BuiltinLuaScripts) <= 4.2.2-1 rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PartialHardlinkSets) <= 4.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Conflicts: gnutls < 3.8.1 libreswan < 3.28 nss < 3.90.0 openssh < 9.0p1-5 openssl-libs < 3.0.2-2
Recommends: crypto-policies-scripts
Processing files: crypto-policies-scripts-20240521-1.gitf71d135.fc41.noarch
Provides: crypto-policies-scripts = 20240521-1.gitf71d135.fc41 fips-mode-setup = 20240521-1.gitf71d135.fc41
Requires(interp): /bin/sh
Requires(rpmlib): rpmlib(BuiltinLuaScripts) <= 4.2.2-1 rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PartialHardlinkSets) <= 4.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Requires(posttrans): /bin/sh
Requires: /usr/bin/bash /usr/bin/python3 /usr/bin/sh
Obsoletes: fips-mode-setup < 20200702-1.c40cede
Recommends: grubby
Checking for unpackaged file(s): /usr/lib/rpm/check-files /builddir/build/BUILD/crypto-policies-20240521-build/BUILDROOT
Wrote: /builddir/build/RPMS/crypto-policies-20240521-1.gitf71d135.fc41.noarch.rpm
Wrote: /builddir/build/RPMS/crypto-policies-scripts-20240521-1.gitf71d135.fc41.noarch.rpm
RPM build warnings:
    absolute symlink: /etc/crypto-policies/back-ends/bind.config -> /usr/share/crypto-policies/DEFAULT/bind.txt
    absolute symlink: /etc/crypto-policies/back-ends/gnutls.config -> /usr/share/crypto-policies/DEFAULT/gnutls.txt
    absolute symlink: /etc/crypto-policies/back-ends/java.config -> /usr/share/crypto-policies/DEFAULT/java.txt
    absolute symlink: /etc/crypto-policies/back-ends/javasystem.config -> /usr/share/crypto-policies/DEFAULT/javasystem.txt
    absolute symlink: /etc/crypto-policies/back-ends/krb5.config -> /usr/share/crypto-policies/DEFAULT/krb5.txt
    absolute symlink: /etc/crypto-policies/back-ends/libreswan.config -> /usr/share/crypto-policies/DEFAULT/libreswan.txt
    absolute symlink: /etc/crypto-policies/back-ends/libssh.config -> /usr/share/crypto-policies/DEFAULT/libssh.txt
    absolute symlink: /etc/crypto-policies/back-ends/nss.config -> /usr/share/crypto-policies/DEFAULT/nss.txt
    absolute symlink: /etc/crypto-policies/back-ends/openssh.config -> /usr/share/crypto-policies/DEFAULT/openssh.txt
    absolute symlink: /etc/crypto-policies/back-ends/opensshserver.config -> /usr/share/crypto-policies/DEFAULT/opensshserver.txt
    absolute symlink: /etc/crypto-policies/back-ends/openssl.config -> /usr/share/crypto-policies/DEFAULT/openssl.txt
    absolute symlink: /etc/crypto-policies/back-ends/openssl_fips.config -> /usr/share/crypto-policies/DEFAULT/openssl_fips.txt
    absolute symlink: /etc/crypto-policies/back-ends/opensslcnf.config -> /usr/share/crypto-policies/DEFAULT/opensslcnf.txt
    absolute symlink: /etc/crypto-policies/back-ends/rpm-sequoia.config -> /usr/share/crypto-policies/DEFAULT/rpm-sequoia.txt
    absolute symlink: /etc/crypto-policies/back-ends/sequoia.config -> /usr/share/crypto-policies/DEFAULT/sequoia.txt
Child return code was: 0