D: [iurt_root_command] chroot Building target platforms: noarch Building for target noarch Installing /home/iurt/rpmbuild/SRPMS/@2177902:crypto-policies-20250402-1.mga10.src.rpm Executing(%mkbuilddir): /bin/sh -e /home/iurt/rpmbuild/tmp/rpm-tmp.RHI8Lw Executing(%prep): /bin/sh -e /home/iurt/rpmbuild/tmp/rpm-tmp.eZXgUU + umask 022 + cd /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build + '[' 1 -eq 1 ']' + '[' 1 -eq 1 ']' + '[' 1 -eq 1 ']' + cd /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build + rm -rf fedora-crypto-policies-86c0178-86c0178416fe7998bbf553a3e713a9c4b7205757 + /usr/lib/rpm/rpmuncompress -x /home/iurt/rpmbuild/SOURCES/crypto-policies-git86c0178.tar.gz + STATUS=0 + '[' 0 -ne 0 ']' + cd fedora-crypto-policies-86c0178-86c0178416fe7998bbf553a3e713a9c4b7205757 + /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w . + /usr/lib/rpm/rpmuncompress /home/iurt/rpmbuild/SOURCES/0001-Drop-GSSAPI-support-for-now-as-it-s-not-available-on.patch + /usr/bin/patch -p1 -s --fuzz=0 --no-backup-if-mismatch -f + /usr/lib/rpm/rpmuncompress /home/iurt/rpmbuild/SOURCES/0001-No-leancrypto-in-Mageia.patch + /usr/bin/patch -p1 -s --fuzz=0 --no-backup-if-mismatch -f + RPM_EC=0 ++ jobs -p + exit 0 Executing(%build): /bin/sh -e /home/iurt/rpmbuild/tmp/rpm-tmp.dR7LtM + umask 022 + cd /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build + CFLAGS='-O2 -g -pipe -Wformat -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -m64 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full' + export CFLAGS + CXXFLAGS='-O2 -g -pipe -Wformat -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -m64 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full' + export CXXFLAGS + FFLAGS='-O2 -g -pipe -Wformat -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -m64 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full ' + export FFLAGS + FCFLAGS='-O2 -g -pipe -Wformat -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -m64 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full ' + export FCFLAGS + VALAFLAGS=-g + export VALAFLAGS + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none --cap-lints=warn' + export RUSTFLAGS + LDFLAGS='-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro -Wl,-z,now -Wl,-O1 -Wl,--build-id=sha1 -Wl,--enable-new-dtags -specs=/usr/lib/rpm/redhat/redhat-hardened-ld' + export LDFLAGS + LT_SYS_LIBRARY_PATH=/usr/lib: + export LT_SYS_LIBRARY_PATH + CC=gcc + export CC + CXX=g++ + export CXX + cd fedora-crypto-policies-86c0178-86c0178416fe7998bbf553a3e713a9c4b7205757 + '[' 1 -eq 1 ']' + '[' 1 -eq 1 ']' + /usr/bin/make -O -j12 V=1 VERBOSE=1 asciidoc -v -d manpage -b docbook update-crypto-policies.8.txt asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/asciidoc.conf asciidoc: reading: /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/fedora-crypto-policies-86c0178-86c0178416fe7998bbf553a3e713a9c4b7205757/update-crypto-policies.8.txt asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/docbook45.conf asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/filters/code/code-filter.conf asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/filters/latex/latex-filter.conf asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/filters/music/music-filter.conf asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/filters/graphviz/graphviz-filter.conf asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/filters/source/source-highlight-filter.conf asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/lang-en.conf asciidoc: writing: /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/fedora-crypto-policies-86c0178-86c0178416fe7998bbf553a3e713a9c4b7205757/update-crypto-policies.8.xml xsltproc --nonet -o update-crypto-policies.8 /usr/lib/python3.13/site-packages/asciidoc/resources/docbook-xsl/manpage.xsl update-crypto-policies.8.xml Note: Writing update-crypto-policies.8 asciidoc -v -d manpage -b docbook crypto-policies.7.txt asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/asciidoc.conf asciidoc: reading: /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/fedora-crypto-policies-86c0178-86c0178416fe7998bbf553a3e713a9c4b7205757/crypto-policies.7.txt asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/docbook45.conf asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/filters/code/code-filter.conf asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/filters/latex/latex-filter.conf asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/filters/music/music-filter.conf asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/filters/graphviz/graphviz-filter.conf asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/filters/source/source-highlight-filter.conf asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/lang-en.conf asciidoc: writing: /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/fedora-crypto-policies-86c0178-86c0178416fe7998bbf553a3e713a9c4b7205757/crypto-policies.7.xml xsltproc --nonet -o crypto-policies.7 /usr/lib/python3.13/site-packages/asciidoc/resources/docbook-xsl/manpage.xsl crypto-policies.7.xml Note: Writing crypto-policies.7 mkdir -p output python/build-crypto-policies.py --reloadcmds policies output gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpwy7xx1sn mtime 1745351429 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 16 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 7 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 14 NSS-POLICY-INFO: NUMBER-OF-ECC: 4 NSS-POLICY-INFO: NUMBER-OF-HASH: 6 NSS-POLICY-INFO: NUMBER-OF-MAC: 3 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 4 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 12 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-224 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: marking hash SHAKE-128 as secure gnutls[2]: cfg: marking hash SHA1 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure gnutls[2]: cfg: marking signature DSA-SHA256 as secure gnutls[2]: cfg: marking signature DSA-SHA384 as secure gnutls[2]: cfg: marking signature DSA-SHA512 as secure gnutls[2]: cfg: marking signature DSA-SHA224 as secure gnutls[2]: cfg: marking signature DSA-SHA3-256 as secure gnutls[2]: cfg: marking signature DSA-SHA3-384 as secure gnutls[2]: cfg: marking signature DSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure gnutls[2]: cfg: marking signature RSA-SHA1 as secure gnutls[2]: cfg: marking signature DSA-SHA1 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA1 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA1 as secure for certs gnutls[2]: cfg: marking signature rsa-sha1 as secure for certs gnutls[2]: cfg: marking signature dsa-sha1 as secure for certs gnutls[2]: cfg: marking signature ecdsa-sha1 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling cipher 3DES-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-DSS for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version TLS1.1 gnutls[2]: cfg: enabling version TLS1.0 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: enabling version DTLS1.0 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpq5gikqez mtime 1745351429 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA1 is enabled for SSL-KX NSS-POLICY-INFO: SHA1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for SSL-KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: DES-EDE3-CBC is enabled for SSL NSS-POLICY-INFO: RSA is enabled for SSL-KX NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: DHE-DSS is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: DSA is enabled for SSL-KX NSS-POLICY-INFO: DSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 23 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 10 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 19 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 9 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 6 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 5 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 5 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_3DES_EDE_CBC_SHA is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 33 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-224 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpopf2gdt2 mtime 1745351429 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for SSL-KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: RSA is enabled for SSL-KX NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 20 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 8 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpp0cwshkx mtime 1745351430 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for SSL-KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 17 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 8 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 14 NSS-POLICY-INFO: NUMBER-OF-ECC: 4 NSS-POLICY-INFO: NUMBER-OF-HASH: 7 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 4 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 18 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-224 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpikmekn06 mtime 1745351430 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for SSL-KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: RSA is enabled for SSL-KX NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 20 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 8 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpn8umj7s7 mtime 1745351430 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 17 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 5 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 15 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 6 NSS-POLICY-INFO: NUMBER-OF-MAC: 3 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 2 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4 NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 8 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-224 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpwe9adfri mtime 1745351430 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for SSL-KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: RSA is enabled for SSL-KX NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 20 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 8 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 Saving config for bind for policy BSI Saving config for gnutls for policy BSI Saving config for java for policy BSI Saving config for krb5 for policy BSI Saving config for libreswan for policy BSI Saving config for libssh for policy BSI Saving config for nss for policy BSI Saving config for openssh for policy BSI Saving config for opensshserver for policy BSI Saving config for openssl_fips for policy BSI Saving config for opensslcnf for policy BSI Saving config for rpm-sequoia for policy BSI Saving config for sequoia for policy BSI Saving config for bind for policy LEGACY Saving config for gnutls for policy LEGACY Saving config for java for policy LEGACY Saving config for krb5 for policy LEGACY Saving config for libreswan for policy LEGACY Saving config for libssh for policy LEGACY Saving config for nss for policy LEGACY Saving config for openssh for policy LEGACY Saving config for opensshserver for policy LEGACY Saving config for openssl_fips for policy LEGACY Saving config for opensslcnf for policy LEGACY Saving config for rpm-sequoia for policy LEGACY Saving config for sequoia for policy LEGACY Saving config for bind for policy EMPTY Saving config for gnutls for policy EMPTY Saving config for java for policy EMPTY Saving config for krb5 for policy EMPTY Saving config for libreswan for policy EMPTY Saving config for libssh for policy EMPTY Saving config for nss for policy EMPTY Saving config for openssh for policy EMPTY Saving config for opensshserver for policy EMPTY Saving config for openssl_fips for policy EMPTY Saving config for opensslcnf for policy EMPTY Saving config for rpm-sequoia for policy EMPTY Saving config for sequoia for policy EMPTY Saving config for bind for policy GOST-ONLY Saving config for gnutls for policy GOST-ONLY Saving config for java for policy GOST-ONLY Saving config for krb5 for policy GOST-ONLY Saving config for libreswan for policy GOST-ONLY Saving config for libssh for policy GOST-ONLY Saving config for nss for policy GOST-ONLY Saving config for openssh for policy GOST-ONLY Saving config for opensshserver for policy GOST-ONLY Saving config for openssl_fips for policy GOST-ONLY Saving config for opensslcnf for policy GOST-ONLY Saving config for rpm-sequoia for policy GOST-ONLY Saving config for sequoia for policy GOST-ONLY Saving config for bind for policy FEDORA43 Saving config for gnutls for policy FEDORA43 Saving config for java for policy FEDORA43 Saving config for krb5 for policy FEDORA43 Saving config for libreswan for policy FEDORA43 Saving config for libssh for policy FEDORA43 Saving config for nss for policy FEDORA43 Saving config for openssh for policy FEDORA43 Saving config for opensshserver for policy FEDORA43 Saving config for openssl_fips for policy FEDORA43 Saving config for opensslcnf for policy FEDORA43 Saving config for rpm-sequoia for policy FEDORA43 Saving config for sequoia for policy FEDORA43 Saving config for bind for policy FIPS Saving config for gnutls for policy FIPS Saving config for java for policy FIPS Saving config for krb5 for policy FIPS Saving config for libreswan for policy FIPS Saving config for libssh for policy FIPS Saving config for nss for policy FIPS Saving config for openssh for policy FIPS Saving config for opensshserver for policy FIPS Saving config for openssl_fips for policy FIPS Saving config for opensslcnf for policy FIPS Saving config for rpm-sequoia for policy FIPS Saving config for sequoia for policy FIPS Saving config for bind for policy DEFAULT Saving config for gnutls for policy DEFAULT Saving config for java for policy DEFAULT Saving config for krb5 for policy DEFAULT Saving config for libreswan for policy DEFAULT Saving config for libssh for policy DEFAULT Saving config for nss for policy DEFAULT Saving config for openssh for policy DEFAULT Saving config for opensshserver for policy DEFAULT Saving config for openssl_fips for policy DEFAULT Saving config for opensslcnf for policy DEFAULT Saving config for rpm-sequoia for policy DEFAULT Saving config for sequoia for policy DEFAULT Saving config for bind for policy FUTURE Saving config for gnutls for policy FUTURE Saving config for java for policy FUTURE Saving config for krb5 for policy FUTURE Saving config for libreswan for policy FUTURE Saving config for libssh for policy FUTURE Saving config for nss for policy FUTURE Saving config for openssh for policy FUTURE Saving config for opensshserver for policy FUTURE Saving config for openssl_fips for policy FUTURE Saving config for opensslcnf for policy FUTURE Saving config for rpm-sequoia for policy FUTURE Saving config for sequoia for policy FUTURE Saving config for bind for policy FEDORA42 Saving config for gnutls for policy FEDORA42 Saving config for java for policy FEDORA42 Saving config for krb5 for policy FEDORA42 Saving config for libreswan for policy FEDORA42 Saving config for libssh for policy FEDORA42 Saving config for nss for policy FEDORA42 Saving config for openssh for policy FEDORA42 Saving config for opensshserver for policy FEDORA42 Saving config for openssl_fips for policy FEDORA42 Saving config for opensslcnf for policy FEDORA42 Saving config for rpm-sequoia for policy FEDORA42 Saving config for sequoia for policy FEDORA42 + RPM_EC=0 ++ jobs -p + exit 0 Executing(%install): /bin/sh -e /home/iurt/rpmbuild/tmp/rpm-tmp.6HGI4K + umask 022 + cd /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build + '[' 1 -eq 1 ']' + '[' /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT '!=' / ']' + rm -rf /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT ++ dirname /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT + mkdir -p /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build + mkdir /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT + CFLAGS='-O2 -g -pipe -Wformat -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -m64 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full' + export CFLAGS + CXXFLAGS='-O2 -g -pipe -Wformat -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -m64 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full' + export CXXFLAGS + FFLAGS='-O2 -g -pipe -Wformat -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -m64 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full ' + export FFLAGS + FCFLAGS='-O2 -g -pipe -Wformat -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -m64 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full ' + export FCFLAGS + VALAFLAGS=-g + export VALAFLAGS + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none --cap-lints=warn' + export RUSTFLAGS + LDFLAGS='-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro -Wl,-z,now -Wl,-O1 -Wl,--build-id=sha1 -Wl,--enable-new-dtags -specs=/usr/lib/rpm/redhat/redhat-hardened-ld' + export LDFLAGS + LT_SYS_LIBRARY_PATH=/usr/lib: + export LT_SYS_LIBRARY_PATH + CC=gcc + export CC + CXX=g++ + export CXX + cd fedora-crypto-policies-86c0178-86c0178416fe7998bbf553a3e713a9c4b7205757 + '[' 1 -eq 1 ']' + mkdir -p -m 755 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/ + mkdir -p -m 755 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/ + mkdir -p -m 755 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/back-ends/ + mkdir -p -m 755 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/state/ + mkdir -p -m 755 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/local.d/ + mkdir -p -m 755 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/policies/ + mkdir -p -m 755 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/policies/modules/ + mkdir -p -m 755 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/bin + make DESTDIR=/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT DIR=/usr/share/crypto-policies MANDIR=/usr/share/man -j12 install mkdir -p /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/man mkdir -p /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/man/man7 mkdir -p /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/man/man8 mkdir -p /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/bin mkdir -p /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/libexec mkdir -p /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/lib/systemd/system install -p -m 644 crypto-policies.7 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/man/man7 install -p -m 644 update-crypto-policies.8 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/man/man8 install -p -m 755 update-crypto-policies /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/bin install -p -m 644 fips-crypto-policy-overlay.service /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/lib/systemd/system install -p -m 755 fips-crypto-policy-overlay fips-setup-helper /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/libexec mkdir -p /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/ install -p -m 644 default-config /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies install -p -m 644 default-fips-config /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies install -p -m 644 output/reload-cmds.sh /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies for f in $(find output -name '*.txt') ; do d=$(dirname $f | cut -f 2- -d '/') ; install -p -m 644 -D -t /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d $f ; done for f in $(find policies -name '*.p*') ; do d=$(dirname $f) ; install -p -m 644 -D -t /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d $f ; done for f in $(find python -name '*.py') ; do d=$(dirname $f) ; install -p -m 644 -D -t /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d $f ; done chmod 755 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/update-crypto-policies.py chmod 755 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/build-crypto-policies.py + install -p -m 644 default-config /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/config + install -p -m 644 default-fips-config /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/default-fips-config + touch /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/state/current + touch /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/state/CURRENT.pol + rm -rf /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/GOST-ONLY + rm -rf /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/BSI + rm -rf /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FEDORA42 + rm -rf /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FEDORA43 + for d in LEGACY DEFAULT FUTURE FIPS + mkdir -p -m 755 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/bind.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/bind.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/bind.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/gnutls.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/gnutls.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/gnutls.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/java.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/java.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/java.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/krb5.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/krb5.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/krb5.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/libreswan.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/libreswan.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/libreswan.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/libssh.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/libssh.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/libssh.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/nss.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/nss.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/nss.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/openssh.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/openssh.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/openssh.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/opensshserver.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/opensshserver.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/opensshserver.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/openssl_fips.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/openssl_fips.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/openssl_fips.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/opensslcnf.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/opensslcnf.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/opensslcnf.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/rpm-sequoia.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/rpm-sequoia.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/rpm-sequoia.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/sequoia.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/sequoia.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/sequoia.config + for d in LEGACY DEFAULT FUTURE FIPS + mkdir -p -m 755 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/bind.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/bind.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/bind.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/gnutls.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/gnutls.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/gnutls.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/java.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/java.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/java.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/krb5.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/krb5.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/krb5.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/libreswan.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/libreswan.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/libreswan.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/libssh.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/libssh.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/libssh.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/nss.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/nss.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/nss.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/openssh.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/openssh.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/openssh.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/opensshserver.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/opensshserver.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/opensshserver.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/openssl_fips.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/openssl_fips.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/openssl_fips.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/opensslcnf.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/opensslcnf.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/opensslcnf.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/rpm-sequoia.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/rpm-sequoia.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/rpm-sequoia.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/sequoia.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/sequoia.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/sequoia.config + for d in LEGACY DEFAULT FUTURE FIPS + mkdir -p -m 755 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/bind.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/bind.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/bind.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/gnutls.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/gnutls.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/gnutls.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/java.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/java.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/java.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/krb5.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/krb5.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/krb5.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/libreswan.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/libreswan.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/libreswan.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/libssh.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/libssh.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/libssh.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/nss.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/nss.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/nss.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/openssh.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/openssh.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/openssh.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/opensshserver.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/opensshserver.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/opensshserver.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/openssl_fips.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/openssl_fips.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/openssl_fips.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/opensslcnf.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/opensslcnf.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/opensslcnf.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/rpm-sequoia.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/rpm-sequoia.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/rpm-sequoia.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/sequoia.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/sequoia.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/sequoia.config + for d in LEGACY DEFAULT FUTURE FIPS + mkdir -p -m 755 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/bind.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/bind.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/bind.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/gnutls.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/gnutls.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/gnutls.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/java.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/java.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/java.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/krb5.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/krb5.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/krb5.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/libreswan.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/libreswan.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/libreswan.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/libssh.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/libssh.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/libssh.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/nss.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/nss.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/nss.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/openssh.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/openssh.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/openssh.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/opensshserver.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/opensshserver.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/opensshserver.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/openssl_fips.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/openssl_fips.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/openssl_fips.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/opensslcnf.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/opensslcnf.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/opensslcnf.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/rpm-sequoia.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/rpm-sequoia.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/rpm-sequoia.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/sequoia.txt .txt + ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/sequoia.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/sequoia.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/bind.txt ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/bind.txt .txt + ln -sf /usr/share/crypto-policies/DEFAULT/bind.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/back-ends/bind.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/gnutls.txt ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/gnutls.txt .txt + ln -sf /usr/share/crypto-policies/DEFAULT/gnutls.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/back-ends/gnutls.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/java.txt ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/java.txt .txt + ln -sf /usr/share/crypto-policies/DEFAULT/java.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/back-ends/java.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/krb5.txt ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/krb5.txt .txt + ln -sf /usr/share/crypto-policies/DEFAULT/krb5.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/back-ends/krb5.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/libreswan.txt ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/libreswan.txt .txt + ln -sf /usr/share/crypto-policies/DEFAULT/libreswan.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/back-ends/libreswan.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/libssh.txt ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/libssh.txt .txt + ln -sf /usr/share/crypto-policies/DEFAULT/libssh.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/back-ends/libssh.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/nss.txt ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/nss.txt .txt + ln -sf /usr/share/crypto-policies/DEFAULT/nss.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/back-ends/nss.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/openssh.txt ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/openssh.txt .txt + ln -sf /usr/share/crypto-policies/DEFAULT/openssh.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/back-ends/openssh.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/opensshserver.txt ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/opensshserver.txt .txt + ln -sf /usr/share/crypto-policies/DEFAULT/opensshserver.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/back-ends/opensshserver.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/openssl_fips.txt ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/openssl_fips.txt .txt + ln -sf /usr/share/crypto-policies/DEFAULT/openssl_fips.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/back-ends/openssl_fips.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/opensslcnf.txt ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/opensslcnf.txt .txt + ln -sf /usr/share/crypto-policies/DEFAULT/opensslcnf.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/back-ends/opensslcnf.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/rpm-sequoia.txt ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/rpm-sequoia.txt .txt + ln -sf /usr/share/crypto-policies/DEFAULT/rpm-sequoia.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/back-ends/rpm-sequoia.config + for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/* ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/sequoia.txt ++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/sequoia.txt .txt + ln -sf /usr/share/crypto-policies/DEFAULT/sequoia.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/back-ends/sequoia.config + [[ /usr/bin/python3 =~ - ]] + clamp_source_mtime /usr/bin/python3 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python + python_binary='env -u SOURCE_DATE_EPOCH /usr/bin/python3' + bytecode_compilation_path=/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python + PYTHONPATH=/usr/lib/rpm/redhat + env -u SOURCE_DATE_EPOCH /usr/bin/python3 -s -B -m clamp_source_mtime /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python Not clamping source mtimes, $SOURCE_DATE_EPOCH not set ++ /usr/bin/python3 -c 'import sys; sys.stdout.write('\''{0.major}{0.minor}'\''.format(sys.version_info))' + python_version=313 + '[' 313 -ge 39 ']' + py39_byte_compile /usr/bin/python3 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python + python_binary='env -u SOURCE_DATE_EPOCH PYTHONHASHSEED=0 /usr/bin/python3' + bytecode_compilation_path=/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python + env -u SOURCE_DATE_EPOCH PYTHONHASHSEED=0 /usr/bin/python3 -s -B -m compileall -j12 -o 0 -o 1 -s /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT -p / --hardlink-dupes --invalidation-mode=timestamp /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python Listing '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python'... Listing '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies'... Listing '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/validation'... Listing '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators'... Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/validation/__init__.py'... Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/validation/alg_lists.py'... Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/validation/general.py'... Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/validation/rules.py'... Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/validation/scope.py'... Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/__init__.py'... Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/bind.py'... Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/configgenerator.py'... Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/gnutls.py'... Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/java.py'... Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/krb5.py'... Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/libreswan.py'... Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/build-crypto-policies.py'... Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/__init__.py'... Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/alg_lists.py'... Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/cryptopolicies.py'... Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/sequoia.py'... Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/update-crypto-policies.py'... Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/libssh.py'... Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/nss.py'... Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/openssh.py'... Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/openssl.py'... + /usr/lib/rpm/check-buildroot + '[' -n '' ']' + /usr/share/spec-helper/clean_files + '[' -n '' ']' + /usr/share/spec-helper/compress_files .xz + '[' -n '' ']' + /usr/share/spec-helper/relink_symlinks + '[' -n '' ']' + /usr/share/spec-helper/clean_perl + '[' -n '' ']' + /usr/share/spec-helper/lib_symlinks + '[' -n '' ']' + /usr/share/spec-helper/gprintify + '[' -n '' ']' + /usr/share/spec-helper/fix_mo + '[' -n '' ']' + /usr/share/spec-helper/fix_pamd + '[' -n '' ']' + /usr/share/spec-helper/remove_info_dir + '[' -n '' ']' + /usr/share/spec-helper/fix_eol + '[' -n '' ']' + /usr/share/spec-helper/check_desktop_files + '[' -n '' ']' + /usr/share/spec-helper/check_elf_files + /usr/lib/rpm/brp-strip /usr/bin/strip + /usr/lib/rpm/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump + /usr/lib/rpm/brp-strip-static-archive /usr/bin/strip + /usr/lib/rpm/check-rpaths + /usr/lib/rpm/brp-remove-la-files + /usr/lib/rpm/redhat/brp-mangle-shebangs mangling shebang in /usr/libexec/fips-setup-helper from /bin/bash to #!/usr/bin/bash mangling shebang in /usr/libexec/fips-crypto-policy-overlay from /bin/bash to #!/usr/bin/bash mangling shebang in /usr/share/crypto-policies/python/update-crypto-policies.py from /usr/bin/env python3 to #!/usr/bin/python3 mangling shebang in /usr/share/crypto-policies/python/build-crypto-policies.py from /usr/bin/env python3 to #!/usr/bin/python3 + env -u SOURCE_DATE_EPOCH /usr/lib/rpm/redhat/brp-python-bytecompile '' 1 0 -j12 + /usr/lib/rpm/redhat/brp-python-hardlink Executing(%check): /bin/sh -e /home/iurt/rpmbuild/tmp/rpm-tmp.pZyk2X + umask 022 + cd /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build + CFLAGS='-O2 -g -pipe -Wformat -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -m64 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full' + export CFLAGS + CXXFLAGS='-O2 -g -pipe -Wformat -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -m64 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full' + export CXXFLAGS + FFLAGS='-O2 -g -pipe -Wformat -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -m64 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full ' + export FFLAGS + FCFLAGS='-O2 -g -pipe -Wformat -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -m64 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full ' + export FCFLAGS + VALAFLAGS=-g + export VALAFLAGS + RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none --cap-lints=warn' + export RUSTFLAGS + LDFLAGS='-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro -Wl,-z,now -Wl,-O1 -Wl,--build-id=sha1 -Wl,--enable-new-dtags -specs=/usr/lib/rpm/redhat/redhat-hardened-ld' + export LDFLAGS + LT_SYS_LIBRARY_PATH=/usr/lib: + export LT_SYS_LIBRARY_PATH + CC=gcc + export CC + CXX=g++ + export CXX + cd fedora-crypto-policies-86c0178-86c0178416fe7998bbf553a3e713a9c4b7205757 + '[' 1 -eq 1 ']' + make test -j12 SKIP_LINTING=1 for f in $(find tests/outputs -name '*-sequoia.txt') ; do \ sequoia-policy-config-check "$f"; \ done python/build-crypto-policies.py --strict --test --flat policies tests/outputs gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpegzoiha1 mtime 1745351432 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 16 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 7 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 14 NSS-POLICY-INFO: NUMBER-OF-ECC: 4 NSS-POLICY-INFO: NUMBER-OF-HASH: 6 NSS-POLICY-INFO: NUMBER-OF-MAC: 3 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 4 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 12 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 ============================= test session starts ============================== platform linux -- Python 3.13.3, pytest-8.3.5, pluggy-1.5.0 -- /usr/bin/python3 cachedir: .pytest_cache rootdir: /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/fedora-crypto-policies-86c0178-86c0178416fe7998bbf553a3e713a9c4b7205757 configfile: pytest.ini collecting ... ============================= test session starts ============================== platform linux -- Python 3.13.3, pytest-8.3.5, pluggy-1.5.0 -- /usr/bin/python3 cachedir: .pytest_cache rootdir: /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/fedora-crypto-policies-86c0178-86c0178416fe7998bbf553a3e713a9c4b7205757 configfile: pytest.ini collecting ... gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-224 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: marking hash SHAKE-128 as secure gnutls[2]: cfg: marking hash SHA1 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure gnutls[2]: cfg: marking signature DSA-SHA256 as secure gnutls[2]: cfg: marking signature DSA-SHA384 as secure gnutls[2]: cfg: marking signature DSA-SHA512 as secure gnutls[2]: cfg: marking signature DSA-SHA224 as secure gnutls[2]: cfg: marking signature DSA-SHA3-256 as secure gnutls[2]: cfg: marking signature DSA-SHA3-384 as secure gnutls[2]: cfg: marking signature DSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure gnutls[2]: cfg: marking signature RSA-SHA1 as secure gnutls[2]: cfg: marking signature DSA-SHA1 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA1 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA1 as secure for certs gnutls[2]: cfg: marking signature rsa-sha1 as secure for certs gnutls[2]: cfg: marking signature dsa-sha1 as secure for certs gnutls[2]: cfg: marking signature ecdsa-sha1 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling cipher 3DES-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-DSS for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version TLS1.1 gnutls[2]: cfg: enabling version TLS1.0 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: enabling version DTLS1.0 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmprp_j3vcq mtime 1745351432 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA1 is enabled for SSL-KX NSS-POLICY-INFO: SHA1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for SSL-KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: DES-EDE3-CBC is enabled for SSL NSS-POLICY-INFO: RSA is enabled for SSL-KX NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: DHE-DSS is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: DSA is enabled for SSL-KX NSS-POLICY-INFO: DSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 23 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 10 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 19 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 9 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 6 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 5 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 5 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_3DES_EDE_CBC_SHA is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 33 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 collected 12 items python/cryptopolicies/alg_lists.py::cryptopolicies.alg_lists.earliest_occurrence PASSED [ 8%] python/cryptopolicies/alg_lists.py::cryptopolicies.alg_lists.glob PASSED [ 16%] python/cryptopolicies/alg_lists.py::cryptopolicies.alg_lists.max_dtls_version PASSED [ 25%] python/cryptopolicies/alg_lists.py::cryptopolicies.alg_lists.max_tls_version PASSED [ 33%] python/cryptopolicies/alg_lists.py::cryptopolicies.alg_lists.min_dtls_version PASSED [ 41%] python/cryptopolicies/alg_lists.py::cryptopolicies.alg_lists.min_tls_version PASSED [ 50%] python/cryptopolicies/cryptopolicies.py::cryptopolicies.cryptopolicies.ScopeSelector.__init__ PASSED [ 58%] python/cryptopolicies/cryptopolicies.py::cryptopolicies.cryptopolicies.ScopeSelector.matches PASSED [ 66%] python/cryptopolicies/cryptopolicies.py::cryptopolicies.cryptopolicies.ScopedPolicy Pseudo-terminal will not be allocated because stdin is not a terminal. PASSED [ 75%] python/cryptopolicies/cryptopolicies.py::cryptopolicies.cryptopolicies.parse_line PASSED [ 83%] python/cryptopolicies/cryptopolicies.py::cryptopolicies.cryptopolicies.parse_rhs PASSED [ 91%] python/cryptopolicies/cryptopolicies.py::cryptopolicies.cryptopolicies.preprocess_text PASSED [100%] ============================== 12 passed in 0.09s ============================== sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 collected 47 items tests/unit/test_alg_lists.py::test_glob_alg_sanity PASSED [ 2%] tests/unit/test_alg_lists.py::test_glob_alg_globbing PASSED [ 4%] tests/unit/test_alg_lists.py::test_glob_experimental PASSED [ 6%] tests/unit/test_alg_lists.py::test_glob_alg_algorithm_empty PASSED [ 8%] tests/unit/test_alg_lists.py::test_glob_alg_algorithm_class_unknown PASSED [ 10%] tests/unit/test_alg_lists.py::test_min_versions PASSED [ 12%] tests/unit/test_alg_lists.py::test_max_versions PASSED [ 14%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_is_empty PASSED [ 17%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_not_found PASSED [ 19%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_smoke_broken PASSED [ 21%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_smoke_basic PASSED [ 23%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_smoke_subpolicy PASSED [ 25%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_smoke_several_subpolicies PASSED [ 27%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_compat_diamond_new_recommended PASSED [ 29%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_compat_diamond_old_recommended PASSED [ 31%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_compat_diamond_breaking1 PASSED [ 34%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_compat_diamond_breaking2 PASSED [ 36%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_sha1_in_dnssec gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-224 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmp_lcm_r5z mtime 1745351432 gnutls[2]: cfg: deferred setting system-wide priority string PASSED [ 38%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_compat_to_enum PASSED [ 40%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_compat_scoped_ssh_etm_to_enum PASSED [ 42%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_prepend_order PASSED [ 44%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_no_duplicates PASSED [ 46%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_minver PASSED [ 48%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_maxver PASSED [ 51%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_experimental PASSED [ 53%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_to_string_empty PASSED [ 55%] tests/unit/test_cryptopolicy.py::test_cryptopolicy_to_string_twisted PASSED [ 57%]NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for SSL-KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: RSA is enabled for SSL-KX NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX tests/unit/test_parse_line.py::test_parse_line NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 20 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 8 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 PASSED [ 59%] tests/unit/test_parse_line.py::test_parse_bad PASSED [ 61%] tests/unit/test_parse_rhs.py::test_parse_rhs PASSED [ 63%] tests/unit/test_preprocess_text.py::test_preprocess_text_basics PASSED [ 65%] tests/unit/test_preprocess_text.py::test_preprocess_text_compat PASSED [ 68%] tests/unit/test_preprocess_text.py::test_preprocess_text_compat_problematic PASSED [ 70%] tests/unit/test_preprocess_text.py::test_preprocess_text_compat_diamond_problem PASSED [ 72%] tests/unit/test_scope_selector.py::test_scope_selector_any PASSED [ 74%] tests/unit/test_scope_selector.py::test_scope_selector_tls PASSED [ 76%] tests/unit/test_scope_selector.py::test_scope_selector_nontls PASSED [ 78%] tests/unit/test_scope_selector.py::test_scope_selector_posglob PASSED [ 80%]Pseudo-terminal will not be allocated because stdin is not a terminal. tests/unit/test_scope_selector.py::test_scope_selector_negglob PASSED [ 82%] tests/unit/test_scope_selector.py::test_scope_selector_posmixed PASSED [ 85%] tests/unit/test_scope_selector.py::test_scope_selector_negmixed PASSED [ 87%] tests/unit/test_scope_selector.py::test_scope_selector_curly_brackets PASSED [ 89%] tests/unit/test_scope_selector.py::test_scope_selector_empty PASSED [ 91%] tests/unit/test_scope_selector.py::test_scope_selector_illegal_character PASSED [ 93%] tests/unit/test_scope_selector.py::test_scope_selector_comma PASSED [ 95%] tests/unit/test_scope_selector.py::test_scope_selector_unknown PASSED [ 97%] tests/unit/test_scope_selector.py::test_scope_selector_nomatch PASSED [100%] ============================== 47 passed in 0.25s ============================== sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpppdzm_k3 mtime 1745351432 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for SSL-KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 17 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 8 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 14 NSS-POLICY-INFO: NUMBER-OF-ECC: 4 NSS-POLICY-INFO: NUMBER-OF-HASH: 7 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 4 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 18 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-224 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmptko1xkh2 mtime 1745351432 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for SSL-KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: RSA is enabled for SSL-KX NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 20 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 8 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmp7voixs9a mtime 1745351432 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 17 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 5 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 15 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 6 NSS-POLICY-INFO: NUMBER-OF-MAC: 3 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 2 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4 NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 8 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-224 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpkxee7p4h mtime 1745351432 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for SSL-KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: RSA is enabled for SSL-KX NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 20 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 8 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 python/build-crypto-policies.py --strict --policy FIPS:OSPP --test --flat policies tests/outputs gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpxkti1k0e mtime 1745351433 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 11 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 5 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 11 NSS-POLICY-INFO: NUMBER-OF-ECC: 2 NSS-POLICY-INFO: NUMBER-OF-HASH: 6 NSS-POLICY-INFO: NUMBER-OF-MAC: 3 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 2 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 5 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 python/build-crypto-policies.py --strict --policy FIPS:ECDHE-ONLY --test --flat policies tests/outputs gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmp3_estv2t mtime 1745351433 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for SSL-KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 16 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 8 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 14 NSS-POLICY-INFO: NUMBER-OF-ECC: 4 NSS-POLICY-INFO: NUMBER-OF-HASH: 7 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 4 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 2 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 12 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 python/build-crypto-policies.py --strict --policy FIPS:NO-ENFORCE-EMS --test --flat policies tests/outputs gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmp6_frzctw mtime 1745351433 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for SSL-KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 17 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 8 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 14 NSS-POLICY-INFO: NUMBER-OF-ECC: 4 NSS-POLICY-INFO: NUMBER-OF-HASH: 7 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 4 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 18 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 python/build-crypto-policies.py --strict --policy DEFAULT:GOST --test --flat policies tests/outputs gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-224 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmp0fp4z94p mtime 1745351433 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for SSL-KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: RSA is enabled for SSL-KX NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 20 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 8 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 python/build-crypto-policies.py --strict --policy GOST-ONLY --test --flat policies tests/outputs python/build-crypto-policies.py --strict --policy LEGACY:AD-SUPPORT --test --flat policies tests/outputs gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-224 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: marking hash SHAKE-128 as secure gnutls[2]: cfg: marking hash SHA1 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure gnutls[2]: cfg: marking signature DSA-SHA256 as secure gnutls[2]: cfg: marking signature DSA-SHA384 as secure gnutls[2]: cfg: marking signature DSA-SHA512 as secure gnutls[2]: cfg: marking signature DSA-SHA224 as secure gnutls[2]: cfg: marking signature DSA-SHA3-256 as secure gnutls[2]: cfg: marking signature DSA-SHA3-384 as secure gnutls[2]: cfg: marking signature DSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure gnutls[2]: cfg: marking signature RSA-SHA1 as secure gnutls[2]: cfg: marking signature DSA-SHA1 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA1 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA1 as secure for certs gnutls[2]: cfg: marking signature rsa-sha1 as secure for certs gnutls[2]: cfg: marking signature dsa-sha1 as secure for certs gnutls[2]: cfg: marking signature ecdsa-sha1 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling cipher 3DES-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-DSS for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version TLS1.1 gnutls[2]: cfg: enabling version TLS1.0 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: enabling version DTLS1.0 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpmzy9sgmm mtime 1745351434 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA1 is enabled for SSL-KX NSS-POLICY-INFO: SHA1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for SSL-KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: DES-EDE3-CBC is enabled for SSL NSS-POLICY-INFO: RSA is enabled for SSL-KX NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: DHE-DSS is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: DSA is enabled for SSL-KX NSS-POLICY-INFO: DSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 23 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 10 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 19 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 9 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 6 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 5 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 5 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_3DES_EDE_CBC_SHA is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 33 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 python/build-crypto-policies.py --policy DEFAULT:NO-PQ --test --flat policies tests/outputs # not strict, sadly ExperimentalValueWarning: `group` values `MLKEM512`, `X25519-MLKEM512`, `MLKEM768`, `X448-MLKEM768`, `P256-MLKEM512`, `MLKEM1024`, `P384-MLKEM768`, `P521-MLKEM1024` are experimental and might go away in the future ExperimentalValueWarning: `sign` values `SPHINCSSHA2128FSIMPLE`, `P256-SPHINCSSHA2128FSIMPLE`, `RSA3072-SPHINCSSHA2128FSIMPLE`, `SPHINCSSHA2128SSIMPLE`, `P256-SPHINCSSHA2128SSIMPLE`, `RSA3072-SPHINCSSHA2128SSIMPLE`, `SPHINCSSHA2192FSIMPLE`, `P384-SPHINCSSHA2192FSIMPLE`, `SPHINCSSHAKE128FSIMPLE`, `P256-SPHINCSSHAKE128FSIMPLE`, `RSA3072-SPHINCSSHAKE128FSIMPLE` are experimental and might go away in the future ExperimentalValueWarning: `sign` values `FALCON512`, `P256-FALCON512`, `RSA3072-FALCON512`, `FALCONPADDED512`, `P256-FALCONPADDED512`, `RSA3072-FALCONPADDED512`, `FALCON1024`, `P521-FALCON1024`, `FALCONPADDED1024`, `P521-FALCONPADDED1024` are experimental and might go away in the future ExperimentalValueWarning: `sign` values `P256-MLDSA44`, `RSA3072-MLDSA44`, `MLDSA44-PSS2048`, `MLDSA44-RSA2048`, `MLDSA44-ED25519`, `MLDSA44-P256`, `MLDSA44-BP256`, `P384-MLDSA65`, `MLDSA65-PSS3072`, `MLDSA65-RSA3072`, `MLDSA65-P256`, `MLDSA65-BP256`, `MLDSA65-ED25519`, `P521-MLDSA87`, `MLDSA87-P384`, `MLDSA87-BP384`, `MLDSA87-ED448` are experimental and might go away in the future gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-224 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmp0h7rshnn mtime 1745351434 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for SSL-KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: RSA is enabled for SSL-KX NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 20 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 8 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 python/build-crypto-policies.py --policy DEFAULT:TEST-PQ --test --flat policies tests/outputs # not strict ExperimentalValueWarning: `group` value `P521-MLKEM1024` is experimental and might go away in the future ExperimentalValueWarning: `group` value `MLKEM1024` is experimental and might go away in the future ExperimentalValueWarning: `group` value `X448-MLKEM768` is experimental and might go away in the future ExperimentalValueWarning: `group` value `P384-MLKEM768` is experimental and might go away in the future ExperimentalValueWarning: `group` value `MLKEM768` is experimental and might go away in the future ExperimentalValueWarning: `group` value `X25519-MLKEM512` is experimental and might go away in the future ExperimentalValueWarning: `group` value `P256-MLKEM512` is experimental and might go away in the future ExperimentalValueWarning: `group` value `MLKEM512` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `RSA3072-SPHINCSSHAKE128FSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P256-SPHINCSSHAKE128FSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `SPHINCSSHAKE128FSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P384-SPHINCSSHA2192FSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `SPHINCSSHA2192FSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `RSA3072-SPHINCSSHA2128SSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P256-SPHINCSSHA2128SSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `SPHINCSSHA2128SSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `RSA3072-SPHINCSSHA2128FSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P256-SPHINCSSHA2128FSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `SPHINCSSHA2128FSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P521-FALCONPADDED1024` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `FALCONPADDED1024` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P521-FALCON1024` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `FALCON1024` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `RSA3072-FALCONPADDED512` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P256-FALCONPADDED512` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `FALCONPADDED512` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `RSA3072-FALCON512` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P256-FALCON512` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `FALCON512` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA87-ED448` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA87-BP384` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA87-P384` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P521-MLDSA87` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA65-ED25519` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA65-BP256` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA65-P256` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA65-RSA3072` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA65-PSS3072` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P384-MLDSA65` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA44-BP256` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA44-P256` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA44-ED25519` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA44-RSA2048` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA44-PSS2048` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `RSA3072-MLDSA44` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P256-MLDSA44` is experimental and might go away in the future gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-224 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmp693xf0yf mtime 1745351434 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for SSL-KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: RSA is enabled for SSL-KX NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 20 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 8 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 # FEDORA43 === DEFAULT diff policies/FEDORA43.pol policies/DEFAULT.pol # FEDORA43:NO-PQ == FEDORA42 == FEDORA43:TEST-PQ:NO-PQ #mkdir -p output/compare/FEDORA43:NO-PQ output/compare/FEDORA42 python/build-crypto-policies.py --policy FEDORA43:NO-PQ policies output/compare # not strict ExperimentalValueWarning: `group` values `MLKEM512`, `X25519-MLKEM512`, `MLKEM768`, `X448-MLKEM768`, `P256-MLKEM512`, `MLKEM1024`, `P384-MLKEM768`, `P521-MLKEM1024` are experimental and might go away in the future ExperimentalValueWarning: `sign` values `SPHINCSSHA2128FSIMPLE`, `P256-SPHINCSSHA2128FSIMPLE`, `RSA3072-SPHINCSSHA2128FSIMPLE`, `SPHINCSSHA2128SSIMPLE`, `P256-SPHINCSSHA2128SSIMPLE`, `RSA3072-SPHINCSSHA2128SSIMPLE`, `SPHINCSSHA2192FSIMPLE`, `P384-SPHINCSSHA2192FSIMPLE`, `SPHINCSSHAKE128FSIMPLE`, `P256-SPHINCSSHAKE128FSIMPLE`, `RSA3072-SPHINCSSHAKE128FSIMPLE` are experimental and might go away in the future ExperimentalValueWarning: `sign` values `FALCON512`, `P256-FALCON512`, `RSA3072-FALCON512`, `FALCONPADDED512`, `P256-FALCONPADDED512`, `RSA3072-FALCONPADDED512`, `FALCON1024`, `P521-FALCON1024`, `FALCONPADDED1024`, `P521-FALCONPADDED1024` are experimental and might go away in the future ExperimentalValueWarning: `sign` values `P256-MLDSA44`, `RSA3072-MLDSA44`, `MLDSA44-PSS2048`, `MLDSA44-RSA2048`, `MLDSA44-ED25519`, `MLDSA44-P256`, `MLDSA44-BP256`, `P384-MLDSA65`, `MLDSA65-PSS3072`, `MLDSA65-RSA3072`, `MLDSA65-P256`, `MLDSA65-BP256`, `MLDSA65-ED25519`, `P521-MLDSA87`, `MLDSA87-P384`, `MLDSA87-BP384`, `MLDSA87-ED448` are experimental and might go away in the future gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-224 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpl1wy5_ma mtime 1745351434 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for SSL-KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: RSA is enabled for SSL-KX NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 20 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 8 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 Saving config for bind for policy FEDORA43:NO-PQ Saving config for gnutls for policy FEDORA43:NO-PQ Saving config for java for policy FEDORA43:NO-PQ Saving config for krb5 for policy FEDORA43:NO-PQ Saving config for libreswan for policy FEDORA43:NO-PQ Saving config for libssh for policy FEDORA43:NO-PQ Saving config for nss for policy FEDORA43:NO-PQ Saving config for openssh for policy FEDORA43:NO-PQ Saving config for opensshserver for policy FEDORA43:NO-PQ Saving config for openssl_fips for policy FEDORA43:NO-PQ Saving config for opensslcnf for policy FEDORA43:NO-PQ Saving config for rpm-sequoia for policy FEDORA43:NO-PQ Saving config for sequoia for policy FEDORA43:NO-PQ python/build-crypto-policies.py --policy FEDORA43:TEST-PQ:NO-PQ policies output/compare # not strict ExperimentalValueWarning: `group` value `P521-MLKEM1024` is experimental and might go away in the future ExperimentalValueWarning: `group` value `MLKEM1024` is experimental and might go away in the future ExperimentalValueWarning: `group` value `X448-MLKEM768` is experimental and might go away in the future ExperimentalValueWarning: `group` value `P384-MLKEM768` is experimental and might go away in the future ExperimentalValueWarning: `group` value `MLKEM768` is experimental and might go away in the future ExperimentalValueWarning: `group` value `X25519-MLKEM512` is experimental and might go away in the future ExperimentalValueWarning: `group` value `P256-MLKEM512` is experimental and might go away in the future ExperimentalValueWarning: `group` value `MLKEM512` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `RSA3072-SPHINCSSHAKE128FSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P256-SPHINCSSHAKE128FSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `SPHINCSSHAKE128FSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P384-SPHINCSSHA2192FSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `SPHINCSSHA2192FSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `RSA3072-SPHINCSSHA2128SSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P256-SPHINCSSHA2128SSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `SPHINCSSHA2128SSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `RSA3072-SPHINCSSHA2128FSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P256-SPHINCSSHA2128FSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `SPHINCSSHA2128FSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P521-FALCONPADDED1024` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `FALCONPADDED1024` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P521-FALCON1024` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `FALCON1024` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `RSA3072-FALCONPADDED512` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P256-FALCONPADDED512` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `FALCONPADDED512` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `RSA3072-FALCON512` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P256-FALCON512` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `FALCON512` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA87-ED448` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA87-BP384` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA87-P384` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P521-MLDSA87` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA65-ED25519` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA65-BP256` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA65-P256` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA65-RSA3072` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA65-PSS3072` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P384-MLDSA65` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA44-BP256` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA44-P256` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA44-ED25519` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA44-RSA2048` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA44-PSS2048` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `RSA3072-MLDSA44` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P256-MLDSA44` is experimental and might go away in the future ExperimentalValueWarning: `group` values `MLKEM512`, `X25519-MLKEM512`, `MLKEM768`, `X448-MLKEM768`, `P256-MLKEM512`, `MLKEM1024`, `P384-MLKEM768`, `P521-MLKEM1024` are experimental and might go away in the future ExperimentalValueWarning: `sign` values `SPHINCSSHA2128FSIMPLE`, `P256-SPHINCSSHA2128FSIMPLE`, `RSA3072-SPHINCSSHA2128FSIMPLE`, `SPHINCSSHA2128SSIMPLE`, `P256-SPHINCSSHA2128SSIMPLE`, `RSA3072-SPHINCSSHA2128SSIMPLE`, `SPHINCSSHA2192FSIMPLE`, `P384-SPHINCSSHA2192FSIMPLE`, `SPHINCSSHAKE128FSIMPLE`, `P256-SPHINCSSHAKE128FSIMPLE`, `RSA3072-SPHINCSSHAKE128FSIMPLE` are experimental and might go away in the future ExperimentalValueWarning: `sign` values `FALCON512`, `P256-FALCON512`, `RSA3072-FALCON512`, `FALCONPADDED512`, `P256-FALCONPADDED512`, `RSA3072-FALCONPADDED512`, `FALCON1024`, `P521-FALCON1024`, `FALCONPADDED1024`, `P521-FALCONPADDED1024` are experimental and might go away in the future ExperimentalValueWarning: `sign` values `P256-MLDSA44`, `RSA3072-MLDSA44`, `MLDSA44-PSS2048`, `MLDSA44-RSA2048`, `MLDSA44-ED25519`, `MLDSA44-P256`, `MLDSA44-BP256`, `P384-MLDSA65`, `MLDSA65-PSS3072`, `MLDSA65-RSA3072`, `MLDSA65-P256`, `MLDSA65-BP256`, `MLDSA65-ED25519`, `P521-MLDSA87`, `MLDSA87-P384`, `MLDSA87-BP384`, `MLDSA87-ED448` are experimental and might go away in the future gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-224 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmp9pqzoduz mtime 1745351435 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for SSL-KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: RSA is enabled for SSL-KX NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 20 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 8 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 Saving config for bind for policy FEDORA43:TEST-PQ:NO-PQ Saving config for gnutls for policy FEDORA43:TEST-PQ:NO-PQ Saving config for java for policy FEDORA43:TEST-PQ:NO-PQ Saving config for krb5 for policy FEDORA43:TEST-PQ:NO-PQ Saving config for libreswan for policy FEDORA43:TEST-PQ:NO-PQ Saving config for libssh for policy FEDORA43:TEST-PQ:NO-PQ Saving config for nss for policy FEDORA43:TEST-PQ:NO-PQ Saving config for openssh for policy FEDORA43:TEST-PQ:NO-PQ Saving config for opensshserver for policy FEDORA43:TEST-PQ:NO-PQ Saving config for openssl_fips for policy FEDORA43:TEST-PQ:NO-PQ Saving config for opensslcnf for policy FEDORA43:TEST-PQ:NO-PQ Saving config for rpm-sequoia for policy FEDORA43:TEST-PQ:NO-PQ Saving config for sequoia for policy FEDORA43:TEST-PQ:NO-PQ python/build-crypto-policies.py --strict --policy FEDORA42 policies output/compare gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-224 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpgfwyrhnu mtime 1745351435 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for SSL-KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: RSA is enabled for SSL-KX NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 20 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 8 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 Saving config for bind for policy FEDORA42 Saving config for gnutls for policy FEDORA42 Saving config for java for policy FEDORA42 Saving config for krb5 for policy FEDORA42 Saving config for libreswan for policy FEDORA42 Saving config for libssh for policy FEDORA42 Saving config for nss for policy FEDORA42 Saving config for openssh for policy FEDORA42 Saving config for opensshserver for policy FEDORA42 Saving config for openssl_fips for policy FEDORA42 Saving config for opensslcnf for policy FEDORA42 Saving config for rpm-sequoia for policy FEDORA42 Saving config for sequoia for policy FEDORA42 diff -r output/compare/FEDORA43:NO-PQ output/compare/FEDORA42 diff -r output/compare/FEDORA43:TEST-PQ:NO-PQ output/compare/FEDORA42 rm -r output/compare tests/openssl.py Checking the OpenSSL configuration Checking policy FUTURE Checking policy FEDORA42 Checking policy FIPS:NO-ENFORCE-EMS Checking policy FIPS Checking policy LEGACY:AD-SUPPORT Checking policy DEFAULT:TEST-PQ Checking policy BSI Checking policy DEFAULT:GOST Checking policy LEGACY Checking policy FIPS:ECDHE-ONLY Checking policy DEFAULT:NO-PQ Checking policy DEFAULT Checking policy FEDORA43 Checking policy FIPS:OSPP tests/gnutls.py Checking the GnuTLS configuration Checking policy DEFAULT:GOST Checking policy FIPS:ECDHE-ONLY Checking policy FUTURE Checking policy FIPS:NO-ENFORCE-EMS Checking policy DEFAULT:NO-PQ Checking policy BSI Checking policy FIPS Checking policy LEGACY Checking policy LEGACY:AD-SUPPORT Checking policy FIPS:OSPP Checking policy EMPTY Checking policy DEFAULT:TEST-PQ Checking policy FEDORA42 Checking policy FEDORA43 Checking policy DEFAULT tests/nss.py Checking the NSS configuration Checking policy LEGACY Checking policy DEFAULT:GOST Checking policy LEGACY:AD-SUPPORT Checking policy FIPS:ECDHE-ONLY Checking policy DEFAULT:TEST-PQ Checking policy DEFAULT Checking policy BSI Checking policy FIPS:OSPP Checking policy GOST-ONLY Checking policy DEFAULT:NO-PQ Checking policy FIPS:NO-ENFORCE-EMS Checking policy FEDORA43 Checking policy FEDORA42 Checking policy FIPS Checking policy EMPTY Checking policy FUTURE tests/java.py Checking the Java configuration Checking policy BSI Checking policy LEGACY Checking policy FEDORA42 Checking policy FIPS:ECDHE-ONLY Checking policy DEFAULT:TEST-PQ Checking policy FEDORA43 Checking policy FUTURE Checking policy DEFAULT:GOST Checking policy FIPS Checking policy FIPS:NO-ENFORCE-EMS Checking policy DEFAULT:NO-PQ Checking policy FIPS:OSPP Checking policy LEGACY:AD-SUPPORT Checking policy DEFAULT Checking policy GOST-ONLY Checking policy EMPTY tests/krb5.py Skipping krb5 test; checker not found! top_srcdir=. tests/update-crypto-policies.sh Saving config for bind for policy BSI Saving config for gnutls for policy BSI Saving config for java for policy BSI Saving config for krb5 for policy BSI Saving config for libreswan for policy BSI Saving config for libssh for policy BSI Saving config for nss for policy BSI Saving config for openssh for policy BSI Saving config for opensshserver for policy BSI Saving config for openssl_fips for policy BSI Saving config for opensslcnf for policy BSI Saving config for rpm-sequoia for policy BSI Saving config for sequoia for policy BSI Saving config for bind for policy LEGACY Saving config for gnutls for policy LEGACY Saving config for java for policy LEGACY Saving config for krb5 for policy LEGACY Saving config for libreswan for policy LEGACY Saving config for libssh for policy LEGACY Saving config for nss for policy LEGACY Saving config for openssh for policy LEGACY Saving config for opensshserver for policy LEGACY Saving config for openssl_fips for policy LEGACY Saving config for opensslcnf for policy LEGACY Saving config for rpm-sequoia for policy LEGACY Saving config for sequoia for policy LEGACY Saving config for bind for policy EMPTY Saving config for gnutls for policy EMPTY Saving config for java for policy EMPTY Saving config for krb5 for policy EMPTY Saving config for libreswan for policy EMPTY Saving config for libssh for policy EMPTY Saving config for nss for policy EMPTY Saving config for openssh for policy EMPTY Saving config for opensshserver for policy EMPTY Saving config for openssl_fips for policy EMPTY Saving config for opensslcnf for policy EMPTY Saving config for rpm-sequoia for policy EMPTY Saving config for sequoia for policy EMPTY Saving config for bind for policy GOST-ONLY Saving config for gnutls for policy GOST-ONLY Saving config for java for policy GOST-ONLY Saving config for krb5 for policy GOST-ONLY Saving config for libreswan for policy GOST-ONLY Saving config for libssh for policy GOST-ONLY Saving config for nss for policy GOST-ONLY Saving config for openssh for policy GOST-ONLY Saving config for opensshserver for policy GOST-ONLY Saving config for openssl_fips for policy GOST-ONLY Saving config for opensslcnf for policy GOST-ONLY Saving config for rpm-sequoia for policy GOST-ONLY Saving config for sequoia for policy GOST-ONLY Saving config for bind for policy FEDORA43 Saving config for gnutls for policy FEDORA43 Saving config for java for policy FEDORA43 Saving config for krb5 for policy FEDORA43 Saving config for libreswan for policy FEDORA43 Saving config for libssh for policy FEDORA43 Saving config for nss for policy FEDORA43 Saving config for openssh for policy FEDORA43 Saving config for opensshserver for policy FEDORA43 Saving config for openssl_fips for policy FEDORA43 Saving config for opensslcnf for policy FEDORA43 Saving config for rpm-sequoia for policy FEDORA43 Saving config for sequoia for policy FEDORA43 Saving config for bind for policy FIPS Saving config for gnutls for policy FIPS Saving config for java for policy FIPS Saving config for krb5 for policy FIPS Saving config for libreswan for policy FIPS Saving config for libssh for policy FIPS Saving config for nss for policy FIPS Saving config for openssh for policy FIPS Saving config for opensshserver for policy FIPS Saving config for openssl_fips for policy FIPS Saving config for opensslcnf for policy FIPS Saving config for rpm-sequoia for policy FIPS Saving config for sequoia for policy FIPS Saving config for bind for policy DEFAULT Saving config for gnutls for policy DEFAULT Saving config for java for policy DEFAULT Saving config for krb5 for policy DEFAULT Saving config for libreswan for policy DEFAULT Saving config for libssh for policy DEFAULT Saving config for nss for policy DEFAULT Saving config for openssh for policy DEFAULT Saving config for opensshserver for policy DEFAULT Saving config for openssl_fips for policy DEFAULT Saving config for opensslcnf for policy DEFAULT Saving config for rpm-sequoia for policy DEFAULT Saving config for sequoia for policy DEFAULT Saving config for bind for policy FUTURE Saving config for gnutls for policy FUTURE Saving config for java for policy FUTURE Saving config for krb5 for policy FUTURE Saving config for libreswan for policy FUTURE Saving config for libssh for policy FUTURE Saving config for nss for policy FUTURE Saving config for openssh for policy FUTURE Saving config for opensshserver for policy FUTURE Saving config for openssl_fips for policy FUTURE Saving config for opensslcnf for policy FUTURE Saving config for rpm-sequoia for policy FUTURE Saving config for sequoia for policy FUTURE Saving config for bind for policy FEDORA42 Saving config for gnutls for policy FEDORA42 Saving config for java for policy FEDORA42 Saving config for krb5 for policy FEDORA42 Saving config for libreswan for policy FEDORA42 Saving config for libssh for policy FEDORA42 Saving config for nss for policy FEDORA42 Saving config for openssh for policy FEDORA42 Saving config for opensshserver for policy FEDORA42 Saving config for openssl_fips for policy FEDORA42 Saving config for opensslcnf for policy FEDORA42 Saving config for rpm-sequoia for policy FEDORA42 Saving config for sequoia for policy FEDORA42 tests/update-crypto-policies.sh: checking if default profile is properly selected Setting system policy to DEFAULT Note: System-wide crypto policies are applied on application start-up. It is recommended to restart the system for the change of policies to fully take place. tests/update-crypto-policies.sh: checking if current policy dump is equal to the original default profile PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement Setting system policy to CURRENT Note: System-wide crypto policies are applied on application start-up. It is recommended to restart the system for the change of policies to fully take place. tests/update-crypto-policies.sh: checking if switching to other profile works Setting system policy to LEGACY Note: System-wide crypto policies are applied on application start-up. It is recommended to restart the system for the change of policies to fully take place. tests/update-crypto-policies.sh: checking if local.d works Setting system policy to DEFAULT Note: System-wide crypto policies are applied on application start-up. It is recommended to restart the system for the change of policies to fully take place. tests/update-crypto-policies.sh: checking if --check works (test 1) The configured policy matches the generated policy The configured policy does NOT match the generated policy --check works as expected tests/update-crypto-policies.sh: checking if --check works (test 2) Setting system policy to DEFAULT Note: System-wide crypto policies are applied on application start-up. It is recommended to restart the system for the change of policies to fully take place. The configured policy matches the generated policy The configured policy does NOT match the generated policy --check works as expected cp -r tests/outputs output/alt python/build-crypto-policies.py --test --flat tests/alternative-policies output/alt PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ssh_group is deprecated, please rewrite your rules using group@SSH; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 1 is deprecated, please rewrite your rules using hash@DNSSec = SHA1+ and sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using etm@SSH = ANY; be advised that it is not always a 1-1 replacement gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-224 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: marking hash SHAKE-128 as secure gnutls[2]: cfg: marking hash SHA1 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure gnutls[2]: cfg: marking signature DSA-SHA256 as secure gnutls[2]: cfg: marking signature DSA-SHA384 as secure gnutls[2]: cfg: marking signature DSA-SHA512 as secure gnutls[2]: cfg: marking signature DSA-SHA224 as secure gnutls[2]: cfg: marking signature DSA-SHA3-256 as secure gnutls[2]: cfg: marking signature DSA-SHA3-384 as secure gnutls[2]: cfg: marking signature DSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure gnutls[2]: cfg: marking signature RSA-SHA1 as secure gnutls[2]: cfg: marking signature DSA-SHA1 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA1 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA1 as secure for certs gnutls[2]: cfg: marking signature rsa-sha1 as secure for certs gnutls[2]: cfg: marking signature dsa-sha1 as secure for certs gnutls[2]: cfg: marking signature ecdsa-sha1 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling cipher 3DES-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-DSS for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version TLS1.1 gnutls[2]: cfg: enabling version TLS1.0 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: enabling version DTLS1.0 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpf8v2f2z1 mtime 1745351444 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA1 is enabled for SSL-KX NSS-POLICY-INFO: SHA1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for SSL-KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: DES-EDE3-CBC is enabled for SSL NSS-POLICY-INFO: RSA is enabled for SSL-KX NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: DHE-DSS is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: DSA is enabled for SSL-KX NSS-POLICY-INFO: DSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 23 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 10 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 19 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 9 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 6 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 5 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 5 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_3DES_EDE_CBC_SHA is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 33 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ssh_group is deprecated, please rewrite your rules using group@SSH; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 0 is deprecated, please rewrite your rules using hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ssh_etm = 0 is deprecated, please rewrite your rules using etm@SSH = DISABLE_ETM; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 1 is deprecated, please rewrite your rules using hash@DNSSec = SHA1+ and sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using etm@SSH = ANY; be advised that it is not always a 1-1 replacement gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-224 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpbr87c62q mtime 1745351444 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for SSL-KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: RSA is enabled for SSL-KX NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 20 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 8 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 0 is deprecated, please rewrite your rules using hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using etm@SSH = ANY; be advised that it is not always a 1-1 replacement gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpb0yey6qg mtime 1745351445 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for SSL-KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 17 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 8 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 14 NSS-POLICY-INFO: NUMBER-OF-ECC: 4 NSS-POLICY-INFO: NUMBER-OF-HASH: 7 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 4 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 18 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 1 is deprecated, please rewrite your rules using hash@DNSSec = SHA1+ and sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using etm@SSH = ANY; be advised that it is not always a 1-1 replacement gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-224 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpmqa9ucpf mtime 1745351445 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for SSL-KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: RSA is enabled for SSL-KX NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 20 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 8 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 0 is deprecated, please rewrite your rules using hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using etm@SSH = ANY; be advised that it is not always a 1-1 replacement gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpm4qbtnhm mtime 1745351445 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 17 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 5 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 15 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 6 NSS-POLICY-INFO: NUMBER-OF-MAC: 3 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 2 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4 NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 8 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 1 is deprecated, please rewrite your rules using hash@DNSSec = SHA1+ and sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using etm@SSH = ANY; be advised that it is not always a 1-1 replacement gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-224 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmp2t7z5_9f mtime 1745351445 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for SSL-KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: RSA is enabled for SSL-KX NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 20 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 8 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 python/build-crypto-policies.py --policy FIPS:OSPP --test --flat tests/alternative-policies output/alt PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 0 is deprecated, please rewrite your rules using hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using etm@SSH = ANY; be advised that it is not always a 1-1 replacement gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmps7j3b7pn mtime 1745351445 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 11 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 5 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 11 NSS-POLICY-INFO: NUMBER-OF-ECC: 2 NSS-POLICY-INFO: NUMBER-OF-HASH: 6 NSS-POLICY-INFO: NUMBER-OF-MAC: 3 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 2 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 5 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 python/build-crypto-policies.py --policy FIPS:ECDHE-ONLY --test --flat tests/alternative-policies output/alt PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 0 is deprecated, please rewrite your rules using hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using etm@SSH = ANY; be advised that it is not always a 1-1 replacement gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpeufvsv43 mtime 1745351445 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for SSL-KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 16 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 8 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 14 NSS-POLICY-INFO: NUMBER-OF-ECC: 4 NSS-POLICY-INFO: NUMBER-OF-HASH: 7 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 4 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 2 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 12 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 python/build-crypto-policies.py --policy FIPS:NO-ENFORCE-EMS --test --flat tests/alternative-policies output/alt PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 0 is deprecated, please rewrite your rules using hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using etm@SSH = ANY; be advised that it is not always a 1-1 replacement gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmprin2w8cl mtime 1745351445 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for SSL-KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 17 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 8 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 14 NSS-POLICY-INFO: NUMBER-OF-ECC: 4 NSS-POLICY-INFO: NUMBER-OF-HASH: 7 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 4 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 18 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 python/build-crypto-policies.py --policy GOST-ONLY --test --flat tests/alternative-policies output/alt PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement python/build-crypto-policies.py --policy LEGACY:AD-SUPPORT --test --flat tests/alternative-policies output/alt PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ssh_group is deprecated, please rewrite your rules using group@SSH; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 1 is deprecated, please rewrite your rules using hash@DNSSec = SHA1+ and sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using etm@SSH = ANY; be advised that it is not always a 1-1 replacement gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-224 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: marking hash SHAKE-128 as secure gnutls[2]: cfg: marking hash SHA1 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure gnutls[2]: cfg: marking signature DSA-SHA256 as secure gnutls[2]: cfg: marking signature DSA-SHA384 as secure gnutls[2]: cfg: marking signature DSA-SHA512 as secure gnutls[2]: cfg: marking signature DSA-SHA224 as secure gnutls[2]: cfg: marking signature DSA-SHA3-256 as secure gnutls[2]: cfg: marking signature DSA-SHA3-384 as secure gnutls[2]: cfg: marking signature DSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure gnutls[2]: cfg: marking signature RSA-SHA1 as secure gnutls[2]: cfg: marking signature DSA-SHA1 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA1 as secure for certs gnutls[2]: cfg: marking signature DSA-SHA1 as secure for certs gnutls[2]: cfg: marking signature rsa-sha1 as secure for certs gnutls[2]: cfg: marking signature dsa-sha1 as secure for certs gnutls[2]: cfg: marking signature ecdsa-sha1 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling cipher 3DES-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-DSS for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version TLS1.1 gnutls[2]: cfg: enabling version TLS1.0 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: enabling version DTLS1.0 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmp73ctf129 mtime 1745351446 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA1 is enabled for SSL-KX NSS-POLICY-INFO: SHA1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for SSL-KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: DES-EDE3-CBC is enabled for SSL NSS-POLICY-INFO: RSA is enabled for SSL-KX NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: DHE-DSS is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: DSA is enabled for SSL-KX NSS-POLICY-INFO: DSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 23 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 10 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 19 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 9 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 6 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 5 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 5 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_3DES_EDE_CBC_SHA is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 33 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 python/build-crypto-policies.py --policy DEFAULT:GOST --test --flat tests/alternative-policies output/alt PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 1 is deprecated, please rewrite your rules using hash@DNSSec = SHA1+ and sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using etm@SSH = ANY; be advised that it is not always a 1-1 replacement gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-224 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmplrw3jric mtime 1745351446 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for SSL-KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: RSA is enabled for SSL-KX NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 20 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 8 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 python/build-crypto-policies.py --policy DEFAULT:TEST-PQ --test --flat tests/alternative-policies output/alt PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 1 is deprecated, please rewrite your rules using hash@DNSSec = SHA1+ and sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+; be advised that it is not always a 1-1 replacement PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using etm@SSH = ANY; be advised that it is not always a 1-1 replacement ExperimentalValueWarning: `group` values `MLKEM512`, `X25519-MLKEM512`, `MLKEM768`, `X448-MLKEM768`, `P256-MLKEM512`, `MLKEM1024`, `P384-MLKEM768`, `P521-MLKEM1024` are experimental and might go away in the future ExperimentalValueWarning: `group` value `P521-MLKEM1024` is experimental and might go away in the future ExperimentalValueWarning: `group` value `MLKEM1024` is experimental and might go away in the future ExperimentalValueWarning: `group` value `X448-MLKEM768` is experimental and might go away in the future ExperimentalValueWarning: `group` value `P384-MLKEM768` is experimental and might go away in the future ExperimentalValueWarning: `group` value `MLKEM768` is experimental and might go away in the future ExperimentalValueWarning: `group` value `X25519-MLKEM512` is experimental and might go away in the future ExperimentalValueWarning: `group` value `P256-MLKEM512` is experimental and might go away in the future ExperimentalValueWarning: `group` value `MLKEM512` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `RSA3072-SPHINCSSHAKE128FSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P256-SPHINCSSHAKE128FSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `SPHINCSSHAKE128FSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P384-SPHINCSSHA2192FSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `SPHINCSSHA2192FSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `RSA3072-SPHINCSSHA2128SSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P256-SPHINCSSHA2128SSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `SPHINCSSHA2128SSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `RSA3072-SPHINCSSHA2128FSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P256-SPHINCSSHA2128FSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `SPHINCSSHA2128FSIMPLE` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P521-FALCONPADDED1024` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `FALCONPADDED1024` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P521-FALCON1024` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `FALCON1024` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `RSA3072-FALCONPADDED512` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P256-FALCONPADDED512` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `FALCONPADDED512` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `RSA3072-FALCON512` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P256-FALCON512` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `FALCON512` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA87-ED448` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA87-BP384` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA87-P384` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P521-MLDSA87` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA65-ED25519` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA65-BP256` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA65-P256` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA65-RSA3072` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA65-PSS3072` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P384-MLDSA65` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA44-BP256` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA44-P256` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA44-ED25519` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA44-RSA2048` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `MLDSA44-PSS2048` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `RSA3072-MLDSA44` is experimental and might go away in the future ExperimentalValueWarning: `sign` value `P256-MLDSA44` is experimental and might go away in the future gnutls[2]: Enabled GnuTLS 3.8.9 logging... gnutls[2]: getrandom random generator was selected gnutls[2]: Intel SSSE3 was detected gnutls[2]: Intel AES accelerator was detected gnutls[2]: Intel GCM accelerator was detected gnutls[2]: cfg: marking hash SHA256 as secure gnutls[2]: cfg: marking hash SHA384 as secure gnutls[2]: cfg: marking hash SHA512 as secure gnutls[2]: cfg: marking hash SHA3-256 as secure gnutls[2]: cfg: marking hash SHA3-384 as secure gnutls[2]: cfg: marking hash SHA3-512 as secure gnutls[2]: cfg: marking hash SHA224 as secure gnutls[2]: cfg: marking hash SHA3-224 as secure gnutls[2]: cfg: marking hash SHAKE-256 as secure gnutls[2]: cfg: enabling MAC AEAD for TLS gnutls[2]: cfg: enabling MAC SHA1 for TLS gnutls[2]: cfg: enabling MAC SHA512 for TLS gnutls[2]: cfg: enabling group X25519 for TLS gnutls[2]: cfg: enabling group SECP256R1 for TLS gnutls[2]: cfg: enabling group X448 for TLS gnutls[2]: cfg: enabling group SECP521R1 for TLS gnutls[2]: cfg: enabling group SECP384R1 for TLS gnutls[2]: cfg: enabling group FFDHE2048 for TLS gnutls[2]: cfg: enabling group FFDHE3072 for TLS gnutls[2]: cfg: enabling group FFDHE4096 for TLS gnutls[2]: cfg: enabling group FFDHE6144 for TLS gnutls[2]: cfg: enabling group FFDHE8192 for TLS gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure gnutls[2]: cfg: marking signature RSA-SHA256 as secure gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure gnutls[2]: cfg: marking signature RSA-SHA384 as secure gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure gnutls[2]: cfg: marking signature RSA-SHA512 as secure gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure gnutls[2]: cfg: marking signature RSA-SHA224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs gnutls[2]: cfg: enabling curve X25519 gnutls[2]: cfg: enabling curve SECP256R1 gnutls[2]: cfg: enabling curve X448 gnutls[2]: cfg: enabling curve SECP521R1 gnutls[2]: cfg: enabling curve SECP384R1 gnutls[2]: cfg: enabling curve Ed25519 gnutls[2]: cfg: enabling curve Ed448 gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS gnutls[2]: cfg: enabling key exchange RSA for TLS gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS gnutls[2]: cfg: enabling version TLS1.3 gnutls[2]: cfg: enabling version TLS1.2 gnutls[2]: cfg: enabling version DTLS1.2 gnutls[2]: cfg: adding priority: SYSTEM -> NONE gnutls[2]: cfg: loaded system config /tmp/tmpm58xd9rz mtime 1745351446 gnutls[2]: cfg: deferred setting system-wide priority string NSS-POLICY-INFO: LOADED-SUCCESSFULLY NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA224 is enabled for SSL-KX NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA256 is enabled for SSL-KX NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA384 is enabled for SSL-KX NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA512 is enabled for SSL-KX NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL NSS-POLICY-INFO: AES128-CBC is enabled for SSL NSS-POLICY-INFO: AES256-CBC is enabled for SSL NSS-POLICY-INFO: AES128-GCM is enabled for SSL NSS-POLICY-INFO: AES256-GCM is enabled for SSL NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL NSS-POLICY-INFO: RSA is enabled for SSL-KX NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ECDSA is enabled for SSL-KX NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 20 NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9 NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17 NSS-POLICY-INFO: NUMBER-OF-ECC: 5 NSS-POLICY-INFO: NUMBER-OF-HASH: 8 NSS-POLICY-INFO: NUMBER-OF-MAC: 4 NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5 NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4 NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0 NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4 NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28 NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2 NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1 Pseudo-terminal will not be allocated because stdin is not a terminal. sequoia-policy-config-check returns 0 sequoia-policy-config-check returns 0 + RPM_EC=0 ++ jobs -p + exit 0 Processing files: crypto-policies-20250402-1.mga10.noarch Executing(%license): /bin/sh -e /home/iurt/rpmbuild/tmp/rpm-tmp.fsAXTy + umask 022 + cd /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build + cd fedora-crypto-policies-86c0178-86c0178416fe7998bbf553a3e713a9c4b7205757 + LICENSEDIR=/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/licenses/crypto-policies + export LC_ALL=C + LC_ALL=C + export LICENSEDIR + /usr/bin/mkdir -p /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/licenses/crypto-policies + cp -pr /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/fedora-crypto-policies-86c0178-86c0178416fe7998bbf553a3e713a9c4b7205757/COPYING.LESSER /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/licenses/crypto-policies + RPM_EC=0 ++ jobs -p + exit 0 Provides: config(crypto-policies) = 20250402-1.mga10 crypto-policies = 20250402-1.mga10 Requires(interp): /bin/sh Requires(rpmlib): rpmlib(BuiltinLuaScripts) <= 4.2.2-1 rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PartialHardlinkSets) <= 4.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 Requires(pre): /bin/sh Recommends: crypto-policies-scripts Processing files: crypto-policies-scripts-20250402-1.mga10.noarch Provides: crypto-policies-scripts = 20250402-1.mga10 Requires(interp): /bin/sh Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PartialHardlinkSets) <= 4.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 Requires(post): python3 Requires(posttrans): /bin/sh Checking for unpackaged file(s): /usr/lib/rpm/check-files /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT Wrote: /home/iurt/rpmbuild/RPMS/noarch/crypto-policies-20250402-1.mga10.noarch.rpm Wrote: /home/iurt/rpmbuild/RPMS/noarch/crypto-policies-scripts-20250402-1.mga10.noarch.rpm Executing(rmbuild): /bin/sh -e /home/iurt/rpmbuild/tmp/rpm-tmp.uWQ4xr + umask 022 + cd /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build + test -d /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build + /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build + rm -rf /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build + RPM_EC=0 ++ jobs -p + exit 0 D: [iurt_root_command] Success!