D: [iurt_root_command] chroot
Building target platforms: noarch
Building for target noarch
Installing /home/iurt/rpmbuild/SRPMS/@2317343:crypto-policies-20250402-6.mga10.src.rpm
Executing(%mkbuilddir): /bin/sh -e /home/iurt/rpmbuild/tmp/rpm-tmp.Swyz9S
Executing(%prep): /bin/sh -e /home/iurt/rpmbuild/tmp/rpm-tmp.kMfKdO
+ umask 022
+ cd /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build
+ '[' 1 -eq 1 ']'
+ '[' 1 -eq 1 ']'
+ '[' 1 -eq 1 ']'
+ cd /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build
+ rm -rf fedora-crypto-policies-86c0178-86c0178416fe7998bbf553a3e713a9c4b7205757
+ /usr/lib/rpm/rpmuncompress -x /home/iurt/rpmbuild/SOURCES/crypto-policies-git86c0178.tar.gz
+ STATUS=0
+ '[' 0 -ne 0 ']'
+ cd fedora-crypto-policies-86c0178-86c0178416fe7998bbf553a3e713a9c4b7205757
+ /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w .
+ /usr/bin/git init -q
+ /usr/bin/git config user.name rpm-build
+ /usr/bin/git config user.email '<rpm-build>'
+ /usr/bin/git config gc.auto 0
+ /usr/bin/git add --force .
+ GIT_COMMITTER_DATE=@1771152792
+ GIT_AUTHOR_DATE=@1771152792
+ /usr/bin/git commit -q --allow-empty -a --author 'rpm-build <rpm-build>' -m 'crypto-policies-20250402 base'
+ /usr/bin/git checkout --track -b rpm-build
Switched to a new branch 'rpm-build'
branch 'rpm-build' set up to track 'master'.
+ /usr/lib/rpm/rpmuncompress /home/iurt/rpmbuild/SOURCES/0001-python-build-crypto-policies-output-diffs-on-test-mi.patch
+ GIT_COMMITTER_DATE=@1771152792
+ /usr/bin/git am --reject -q
Checking patch python/build-crypto-policies.py...
Applied patch python/build-crypto-policies.py cleanly.
+ /usr/lib/rpm/rpmuncompress /home/iurt/rpmbuild/SOURCES/0001-sequoia-register-eddsa-as-an-alias-to-EDDSA-ED25519.patch
+ GIT_COMMITTER_DATE=@1771152792
+ /usr/bin/git am --reject -q
Checking patch python/policygenerators/sequoia.py...
Checking patch tests/outputs/BSI-rpm-sequoia.txt...
Checking patch tests/outputs/BSI-sequoia.txt...
Checking patch tests/outputs/DEFAULT-rpm-sequoia.txt...
Checking patch tests/outputs/DEFAULT-sequoia.txt...
Checking patch tests/outputs/DEFAULT:GOST-rpm-sequoia.txt...
Checking patch tests/outputs/DEFAULT:GOST-sequoia.txt...
Checking patch tests/outputs/DEFAULT:NO-PQ-rpm-sequoia.txt...
Checking patch tests/outputs/DEFAULT:NO-PQ-sequoia.txt...
Checking patch tests/outputs/DEFAULT:TEST-PQ-rpm-sequoia.txt...
Checking patch tests/outputs/DEFAULT:TEST-PQ-sequoia.txt...
Checking patch tests/outputs/EMPTY-rpm-sequoia.txt...
Checking patch tests/outputs/EMPTY-sequoia.txt...
Checking patch tests/outputs/FEDORA42-rpm-sequoia.txt...
Checking patch tests/outputs/FEDORA42-sequoia.txt...
Checking patch tests/outputs/FEDORA43-rpm-sequoia.txt...
Checking patch tests/outputs/FEDORA43-sequoia.txt...
Checking patch tests/outputs/FIPS-rpm-sequoia.txt...
Checking patch tests/outputs/FIPS-sequoia.txt...
Checking patch tests/outputs/FIPS:ECDHE-ONLY-rpm-sequoia.txt...
Checking patch tests/outputs/FIPS:ECDHE-ONLY-sequoia.txt...
Checking patch tests/outputs/FIPS:NO-ENFORCE-EMS-rpm-sequoia.txt...
Checking patch tests/outputs/FIPS:NO-ENFORCE-EMS-sequoia.txt...
Checking patch tests/outputs/FIPS:OSPP-rpm-sequoia.txt...
Checking patch tests/outputs/FIPS:OSPP-sequoia.txt...
Checking patch tests/outputs/FUTURE-rpm-sequoia.txt...
Checking patch tests/outputs/FUTURE-sequoia.txt...
Checking patch tests/outputs/GOST-ONLY-rpm-sequoia.txt...
Checking patch tests/outputs/GOST-ONLY-sequoia.txt...
Checking patch tests/outputs/LEGACY-rpm-sequoia.txt...
Checking patch tests/outputs/LEGACY-sequoia.txt...
Checking patch tests/outputs/LEGACY:AD-SUPPORT-rpm-sequoia.txt...
Checking patch tests/outputs/LEGACY:AD-SUPPORT-sequoia.txt...
Applied patch python/policygenerators/sequoia.py cleanly.
Applied patch tests/outputs/BSI-rpm-sequoia.txt cleanly.
Applied patch tests/outputs/BSI-sequoia.txt cleanly.
Applied patch tests/outputs/DEFAULT-rpm-sequoia.txt cleanly.
Applied patch tests/outputs/DEFAULT-sequoia.txt cleanly.
Applied patch tests/outputs/DEFAULT:GOST-rpm-sequoia.txt cleanly.
Applied patch tests/outputs/DEFAULT:GOST-sequoia.txt cleanly.
Applied patch tests/outputs/DEFAULT:NO-PQ-rpm-sequoia.txt cleanly.
Applied patch tests/outputs/DEFAULT:NO-PQ-sequoia.txt cleanly.
Applied patch tests/outputs/DEFAULT:TEST-PQ-rpm-sequoia.txt cleanly.
Applied patch tests/outputs/DEFAULT:TEST-PQ-sequoia.txt cleanly.
Applied patch tests/outputs/EMPTY-rpm-sequoia.txt cleanly.
Applied patch tests/outputs/EMPTY-sequoia.txt cleanly.
Applied patch tests/outputs/FEDORA42-rpm-sequoia.txt cleanly.
Applied patch tests/outputs/FEDORA42-sequoia.txt cleanly.
Applied patch tests/outputs/FEDORA43-rpm-sequoia.txt cleanly.
Applied patch tests/outputs/FEDORA43-sequoia.txt cleanly.
Applied patch tests/outputs/FIPS-rpm-sequoia.txt cleanly.
Applied patch tests/outputs/FIPS-sequoia.txt cleanly.
Applied patch tests/outputs/FIPS:ECDHE-ONLY-rpm-sequoia.txt cleanly.
Applied patch tests/outputs/FIPS:ECDHE-ONLY-sequoia.txt cleanly.
Applied patch tests/outputs/FIPS:NO-ENFORCE-EMS-rpm-sequoia.txt cleanly.
Applied patch tests/outputs/FIPS:NO-ENFORCE-EMS-sequoia.txt cleanly.
Applied patch tests/outputs/FIPS:OSPP-rpm-sequoia.txt cleanly.
Applied patch tests/outputs/FIPS:OSPP-sequoia.txt cleanly.
Applied patch tests/outputs/FUTURE-rpm-sequoia.txt cleanly.
Applied patch tests/outputs/FUTURE-sequoia.txt cleanly.
Applied patch tests/outputs/GOST-ONLY-rpm-sequoia.txt cleanly.
Applied patch tests/outputs/GOST-ONLY-sequoia.txt cleanly.
Applied patch tests/outputs/LEGACY-rpm-sequoia.txt cleanly.
Applied patch tests/outputs/LEGACY-sequoia.txt cleanly.
Applied patch tests/outputs/LEGACY:AD-SUPPORT-rpm-sequoia.txt cleanly.
Applied patch tests/outputs/LEGACY:AD-SUPPORT-sequoia.txt cleanly.
+ /usr/lib/rpm/rpmuncompress /home/iurt/rpmbuild/SOURCES/0001-Drop-GSSAPI-support-for-now-as-it-s-not-available-on.patch
+ GIT_COMMITTER_DATE=@1771152792
+ /usr/bin/git am --reject -q
Checking patch policies/BSI.pol...
Checking patch policies/DEFAULT.pol...
Checking patch policies/FEDORA42.pol...
Checking patch policies/FEDORA43.pol...
Checking patch policies/FUTURE.pol...
Checking patch policies/LEGACY.pol...
Checking patch python/policygenerators/openssh.py...
Checking patch tests/alternative-policies/DEFAULT.pol...
Checking patch tests/alternative-policies/FEDORA42.pol...
Checking patch tests/alternative-policies/FEDORA43.pol...
Checking patch tests/alternative-policies/FUTURE.pol...
Checking patch tests/alternative-policies/LEGACY.pol...
Checking patch tests/outputs/BSI-openssh.txt...
Checking patch tests/outputs/BSI-opensshserver.txt...
Checking patch tests/outputs/DEFAULT-openssh.txt...
Checking patch tests/outputs/DEFAULT-opensshserver.txt...
Checking patch tests/outputs/DEFAULT:GOST-openssh.txt...
Checking patch tests/outputs/DEFAULT:GOST-opensshserver.txt...
Checking patch tests/outputs/DEFAULT:NO-PQ-openssh.txt...
Checking patch tests/outputs/DEFAULT:NO-PQ-opensshserver.txt...
Checking patch tests/outputs/DEFAULT:TEST-PQ-openssh.txt...
Checking patch tests/outputs/DEFAULT:TEST-PQ-opensshserver.txt...
Checking patch tests/outputs/EMPTY-openssh.txt...
Checking patch tests/outputs/EMPTY-opensshserver.txt...
Checking patch tests/outputs/FEDORA42-openssh.txt...
Checking patch tests/outputs/FEDORA42-opensshserver.txt...
Checking patch tests/outputs/FEDORA43-openssh.txt...
Checking patch tests/outputs/FEDORA43-opensshserver.txt...
Checking patch tests/outputs/FIPS-openssh.txt...
Checking patch tests/outputs/FIPS-opensshserver.txt...
Checking patch tests/outputs/FIPS:ECDHE-ONLY-openssh.txt...
Checking patch tests/outputs/FIPS:ECDHE-ONLY-opensshserver.txt...
Checking patch tests/outputs/FIPS:NO-ENFORCE-EMS-openssh.txt...
Checking patch tests/outputs/FIPS:NO-ENFORCE-EMS-opensshserver.txt...
Checking patch tests/outputs/FIPS:OSPP-openssh.txt...
Checking patch tests/outputs/FIPS:OSPP-opensshserver.txt...
Checking patch tests/outputs/FUTURE-openssh.txt...
Checking patch tests/outputs/FUTURE-opensshserver.txt...
Checking patch tests/outputs/GOST-ONLY-openssh.txt...
Checking patch tests/outputs/GOST-ONLY-opensshserver.txt...
Checking patch tests/outputs/LEGACY-openssh.txt...
Checking patch tests/outputs/LEGACY-opensshserver.txt...
Checking patch tests/outputs/LEGACY:AD-SUPPORT-openssh.txt...
Checking patch tests/outputs/LEGACY:AD-SUPPORT-opensshserver.txt...
Applied patch policies/BSI.pol cleanly.
Applied patch policies/DEFAULT.pol cleanly.
Applied patch policies/FEDORA42.pol cleanly.
Applied patch policies/FEDORA43.pol cleanly.
Applied patch policies/FUTURE.pol cleanly.
Applied patch policies/LEGACY.pol cleanly.
Applied patch python/policygenerators/openssh.py cleanly.
Applied patch tests/alternative-policies/DEFAULT.pol cleanly.
Applied patch tests/alternative-policies/FEDORA42.pol cleanly.
Applied patch tests/alternative-policies/FEDORA43.pol cleanly.
Applied patch tests/alternative-policies/FUTURE.pol cleanly.
Applied patch tests/alternative-policies/LEGACY.pol cleanly.
Applied patch tests/outputs/BSI-openssh.txt cleanly.
Applied patch tests/outputs/BSI-opensshserver.txt cleanly.
Applied patch tests/outputs/DEFAULT-openssh.txt cleanly.
Applied patch tests/outputs/DEFAULT-opensshserver.txt cleanly.
Applied patch tests/outputs/DEFAULT:GOST-openssh.txt cleanly.
Applied patch tests/outputs/DEFAULT:GOST-opensshserver.txt cleanly.
Applied patch tests/outputs/DEFAULT:NO-PQ-openssh.txt cleanly.
Applied patch tests/outputs/DEFAULT:NO-PQ-opensshserver.txt cleanly.
Applied patch tests/outputs/DEFAULT:TEST-PQ-openssh.txt cleanly.
Applied patch tests/outputs/DEFAULT:TEST-PQ-opensshserver.txt cleanly.
Applied patch tests/outputs/EMPTY-openssh.txt cleanly.
Applied patch tests/outputs/EMPTY-opensshserver.txt cleanly.
Applied patch tests/outputs/FEDORA42-openssh.txt cleanly.
Applied patch tests/outputs/FEDORA42-opensshserver.txt cleanly.
Applied patch tests/outputs/FEDORA43-openssh.txt cleanly.
Applied patch tests/outputs/FEDORA43-opensshserver.txt cleanly.
Applied patch tests/outputs/FIPS-openssh.txt cleanly.
Applied patch tests/outputs/FIPS-opensshserver.txt cleanly.
Applied patch tests/outputs/FIPS:ECDHE-ONLY-openssh.txt cleanly.
Applied patch tests/outputs/FIPS:ECDHE-ONLY-opensshserver.txt cleanly.
Applied patch tests/outputs/FIPS:NO-ENFORCE-EMS-openssh.txt cleanly.
Applied patch tests/outputs/FIPS:NO-ENFORCE-EMS-opensshserver.txt cleanly.
Applied patch tests/outputs/FIPS:OSPP-openssh.txt cleanly.
Applied patch tests/outputs/FIPS:OSPP-opensshserver.txt cleanly.
Applied patch tests/outputs/FUTURE-openssh.txt cleanly.
Applied patch tests/outputs/FUTURE-opensshserver.txt cleanly.
Applied patch tests/outputs/GOST-ONLY-openssh.txt cleanly.
Applied patch tests/outputs/GOST-ONLY-opensshserver.txt cleanly.
Applied patch tests/outputs/LEGACY-openssh.txt cleanly.
Applied patch tests/outputs/LEGACY-opensshserver.txt cleanly.
Applied patch tests/outputs/LEGACY:AD-SUPPORT-openssh.txt cleanly.
Applied patch tests/outputs/LEGACY:AD-SUPPORT-opensshserver.txt cleanly.
+ /usr/lib/rpm/rpmuncompress /home/iurt/rpmbuild/SOURCES/0001-Enable-more-post-quantum-encryption-algorithms-suppo.patch
+ GIT_COMMITTER_DATE=@1771152792
+ /usr/bin/git am --reject -q
Checking patch Makefile...
Checking patch policies/DEFAULT.pol...
Checking patch tests/alternative-policies/DEFAULT.pol...
Checking patch tests/outputs/DEFAULT-openssh.txt...
Checking patch tests/outputs/DEFAULT-opensshserver.txt...
Checking patch tests/outputs/DEFAULT:GOST-openssh.txt...
Checking patch tests/outputs/DEFAULT:GOST-opensshserver.txt...
Applied patch Makefile cleanly.
Applied patch policies/DEFAULT.pol cleanly.
Applied patch tests/alternative-policies/DEFAULT.pol cleanly.
Applied patch tests/outputs/DEFAULT-openssh.txt cleanly.
Applied patch tests/outputs/DEFAULT-opensshserver.txt cleanly.
Applied patch tests/outputs/DEFAULT:GOST-openssh.txt cleanly.
Applied patch tests/outputs/DEFAULT:GOST-opensshserver.txt cleanly.
+ RPM_EC=0
++ jobs -p
+ exit 0
Executing(%build): /bin/sh -e /home/iurt/rpmbuild/tmp/rpm-tmp.YftIw5
+ umask 022
+ cd /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build
+ CFLAGS='-O2 -g -pipe -Wformat -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -m64 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full'
+ export CFLAGS
+ CXXFLAGS='-O2 -g -pipe -Wformat -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -m64 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full'
+ export CXXFLAGS
+ FFLAGS='-O2 -g -pipe -Wformat -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -m64 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full '
+ export FFLAGS
+ FCFLAGS='-O2 -g -pipe -Wformat -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -m64 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full '
+ export FCFLAGS
+ VALAFLAGS=-g
+ export VALAFLAGS
+ RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none --cap-lints=warn'
+ export RUSTFLAGS
+ LDFLAGS='-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro -Wl,-z,now -Wl,-O1 -Wl,--build-id=sha1 -Wl,--enable-new-dtags -specs=/usr/lib/rpm/redhat/redhat-hardened-ld'
+ export LDFLAGS
+ LT_SYS_LIBRARY_PATH=/usr/lib:
+ export LT_SYS_LIBRARY_PATH
+ CC=gcc
+ export CC
+ CXX=g++
+ export CXX
+ cd fedora-crypto-policies-86c0178-86c0178416fe7998bbf553a3e713a9c4b7205757
+ '[' 1 -eq 1 ']'
+ '[' 1 -eq 1 ']'
+ /usr/bin/make -O -j12 V=1 VERBOSE=1
asciidoc -v -d manpage -b docbook update-crypto-policies.8.txt
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/asciidoc.conf
asciidoc: reading: /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/fedora-crypto-policies-86c0178-86c0178416fe7998bbf553a3e713a9c4b7205757/update-crypto-policies.8.txt
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/docbook45.conf
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/filters/code/code-filter.conf
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/filters/latex/latex-filter.conf
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/filters/music/music-filter.conf
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/filters/graphviz/graphviz-filter.conf
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/filters/source/source-highlight-filter.conf
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/lang-en.conf
asciidoc: writing: /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/fedora-crypto-policies-86c0178-86c0178416fe7998bbf553a3e713a9c4b7205757/update-crypto-policies.8.xml
xsltproc --nonet -o update-crypto-policies.8 /usr/lib/python3.13/site-packages/asciidoc/resources/docbook-xsl/manpage.xsl update-crypto-policies.8.xml
Note: Writing update-crypto-policies.8
asciidoc -v -d manpage -b docbook crypto-policies.7.txt
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/asciidoc.conf
asciidoc: reading: /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/fedora-crypto-policies-86c0178-86c0178416fe7998bbf553a3e713a9c4b7205757/crypto-policies.7.txt
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/docbook45.conf
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/filters/code/code-filter.conf
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/filters/latex/latex-filter.conf
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/filters/music/music-filter.conf
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/filters/graphviz/graphviz-filter.conf
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/filters/source/source-highlight-filter.conf
asciidoc: reading: /usr/lib/python3.13/site-packages/asciidoc/resources/lang-en.conf
asciidoc: writing: /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/fedora-crypto-policies-86c0178-86c0178416fe7998bbf553a3e713a9c4b7205757/crypto-policies.7.xml
xsltproc --nonet -o crypto-policies.7 /usr/lib/python3.13/site-packages/asciidoc/resources/docbook-xsl/manpage.xsl crypto-policies.7.xml
Note: Writing crypto-policies.7
mkdir -p output
python/build-crypto-policies.py --reloadcmds policies output
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpd42ys6l0 mtime 1771152793
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 16
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 7
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 14
NSS-POLICY-INFO: NUMBER-OF-ECC: 4
NSS-POLICY-INFO: NUMBER-OF-HASH: 6
NSS-POLICY-INFO: NUMBER-OF-MAC: 3
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 4
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 12
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: marking hash SHAKE-128 as secure
gnutls[2]: cfg: marking hash SHA1 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP256R1-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP384R1-MLKEM1024 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature DSA-SHA256 as secure
gnutls[2]: cfg: marking signature DSA-SHA384 as secure
gnutls[2]: cfg: marking signature DSA-SHA512 as secure
gnutls[2]: cfg: marking signature DSA-SHA224 as secure
gnutls[2]: cfg: marking signature DSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature DSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature DSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure
gnutls[2]: cfg: marking signature RSA-SHA1 as secure
gnutls[2]: cfg: marking signature DSA-SHA1 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA1 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA1 as secure for certs
gnutls[2]: cfg: marking signature rsa-sha1 as secure for certs
gnutls[2]: cfg: marking signature dsa-sha1 as secure for certs
gnutls[2]: cfg: marking signature ecdsa-sha1 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling cipher 3DES-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-DSS for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version TLS1.1
gnutls[2]: cfg: enabling version TLS1.0
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: enabling version DTLS1.0
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpq3imbmhk mtime 1771152793
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: X25519MLKEM768 is enabled for SSL-KX
NSS-POLICY-INFO: MLKEM768X25519 is enabled for SSL-KX
NSS-POLICY-INFO: SHA1 is enabled for SSL-KX
NSS-POLICY-INFO: SHA1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: DES-EDE3-CBC is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-DSS is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: DSA is enabled for SSL-KX
NSS-POLICY-INFO: DSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 25
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 10
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 19
NSS-POLICY-INFO: NUMBER-OF-ECC: 7
NSS-POLICY-INFO: NUMBER-OF-HASH: 9
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 6
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 5
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 5
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_3DES_EDE_CBC_SHA is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 33
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP256R1-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP384R1-MLKEM1024 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpajoww9sp mtime 1771152794
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: X25519MLKEM768 is enabled for SSL-KX
NSS-POLICY-INFO: MLKEM768X25519 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 22
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17
NSS-POLICY-INFO: NUMBER-OF-ECC: 7
NSS-POLICY-INFO: NUMBER-OF-HASH: 8
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpsdoxc0t5 mtime 1771152794
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 17
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 8
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 14
NSS-POLICY-INFO: NUMBER-OF-ECC: 4
NSS-POLICY-INFO: NUMBER-OF-HASH: 7
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 4
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 18
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP256R1-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP384R1-MLKEM1024 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpj5fw1faj mtime 1771152794
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: X25519MLKEM768 is enabled for SSL-KX
NSS-POLICY-INFO: MLKEM768X25519 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 22
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17
NSS-POLICY-INFO: NUMBER-OF-ECC: 7
NSS-POLICY-INFO: NUMBER-OF-HASH: 8
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP256R1-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP384R1-MLKEM1024 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpw5hxdq0d mtime 1771152794
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: X25519MLKEM768 is enabled for SSL-KX
NSS-POLICY-INFO: MLKEM768X25519 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 19
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 5
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 15
NSS-POLICY-INFO: NUMBER-OF-ECC: 7
NSS-POLICY-INFO: NUMBER-OF-HASH: 6
NSS-POLICY-INFO: NUMBER-OF-MAC: 3
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 2
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 8
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpa1jjxstg mtime 1771152794
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 20
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17
NSS-POLICY-INFO: NUMBER-OF-ECC: 5
NSS-POLICY-INFO: NUMBER-OF-HASH: 8
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
Saving config for bind for policy BSI

Saving config for gnutls for policy BSI

Saving config for java for policy BSI

Saving config for krb5 for policy BSI

Saving config for libreswan for policy BSI

Saving config for libssh for policy BSI

Saving config for nss for policy BSI

Saving config for openssh for policy BSI

Saving config for opensshserver for policy BSI

Saving config for openssl_fips for policy BSI

Saving config for opensslcnf for policy BSI

Saving config for rpm-sequoia for policy BSI

Saving config for sequoia for policy BSI

Saving config for bind for policy LEGACY

Saving config for gnutls for policy LEGACY

Saving config for java for policy LEGACY

Saving config for krb5 for policy LEGACY

Saving config for libreswan for policy LEGACY

Saving config for libssh for policy LEGACY

Saving config for nss for policy LEGACY

Saving config for openssh for policy LEGACY

Saving config for opensshserver for policy LEGACY

Saving config for openssl_fips for policy LEGACY

Saving config for opensslcnf for policy LEGACY

Saving config for rpm-sequoia for policy LEGACY

Saving config for sequoia for policy LEGACY

Saving config for bind for policy EMPTY

Saving config for gnutls for policy EMPTY

Saving config for java for policy EMPTY

Saving config for krb5 for policy EMPTY

Saving config for libreswan for policy EMPTY

Saving config for libssh for policy EMPTY

Saving config for nss for policy EMPTY

Saving config for openssh for policy EMPTY

Saving config for opensshserver for policy EMPTY

Saving config for openssl_fips for policy EMPTY

Saving config for opensslcnf for policy EMPTY

Saving config for rpm-sequoia for policy EMPTY

Saving config for sequoia for policy EMPTY

Saving config for bind for policy GOST-ONLY

Saving config for gnutls for policy GOST-ONLY

Saving config for java for policy GOST-ONLY

Saving config for krb5 for policy GOST-ONLY

Saving config for libreswan for policy GOST-ONLY

Saving config for libssh for policy GOST-ONLY

Saving config for nss for policy GOST-ONLY

Saving config for openssh for policy GOST-ONLY

Saving config for opensshserver for policy GOST-ONLY

Saving config for openssl_fips for policy GOST-ONLY

Saving config for opensslcnf for policy GOST-ONLY

Saving config for rpm-sequoia for policy GOST-ONLY

Saving config for sequoia for policy GOST-ONLY

Saving config for bind for policy FEDORA43

Saving config for gnutls for policy FEDORA43

Saving config for java for policy FEDORA43

Saving config for krb5 for policy FEDORA43

Saving config for libreswan for policy FEDORA43

Saving config for libssh for policy FEDORA43

Saving config for nss for policy FEDORA43

Saving config for openssh for policy FEDORA43

Saving config for opensshserver for policy FEDORA43

Saving config for openssl_fips for policy FEDORA43

Saving config for opensslcnf for policy FEDORA43

Saving config for rpm-sequoia for policy FEDORA43

Saving config for sequoia for policy FEDORA43

Saving config for bind for policy FIPS

Saving config for gnutls for policy FIPS

Saving config for java for policy FIPS

Saving config for krb5 for policy FIPS

Saving config for libreswan for policy FIPS

Saving config for libssh for policy FIPS

Saving config for nss for policy FIPS

Saving config for openssh for policy FIPS

Saving config for opensshserver for policy FIPS

Saving config for openssl_fips for policy FIPS

Saving config for opensslcnf for policy FIPS

Saving config for rpm-sequoia for policy FIPS

Saving config for sequoia for policy FIPS

Saving config for bind for policy DEFAULT

Saving config for gnutls for policy DEFAULT

Saving config for java for policy DEFAULT

Saving config for krb5 for policy DEFAULT

Saving config for libreswan for policy DEFAULT

Saving config for libssh for policy DEFAULT

Saving config for nss for policy DEFAULT

Saving config for openssh for policy DEFAULT

Saving config for opensshserver for policy DEFAULT

Saving config for openssl_fips for policy DEFAULT

Saving config for opensslcnf for policy DEFAULT

Saving config for rpm-sequoia for policy DEFAULT

Saving config for sequoia for policy DEFAULT

Saving config for bind for policy FUTURE

Saving config for gnutls for policy FUTURE

Saving config for java for policy FUTURE

Saving config for krb5 for policy FUTURE

Saving config for libreswan for policy FUTURE

Saving config for libssh for policy FUTURE

Saving config for nss for policy FUTURE

Saving config for openssh for policy FUTURE

Saving config for opensshserver for policy FUTURE

Saving config for openssl_fips for policy FUTURE

Saving config for opensslcnf for policy FUTURE

Saving config for rpm-sequoia for policy FUTURE

Saving config for sequoia for policy FUTURE

Saving config for bind for policy FEDORA42

Saving config for gnutls for policy FEDORA42

Saving config for java for policy FEDORA42

Saving config for krb5 for policy FEDORA42

Saving config for libreswan for policy FEDORA42

Saving config for libssh for policy FEDORA42

Saving config for nss for policy FEDORA42

Saving config for openssh for policy FEDORA42

Saving config for opensshserver for policy FEDORA42

Saving config for openssl_fips for policy FEDORA42

Saving config for opensslcnf for policy FEDORA42

Saving config for rpm-sequoia for policy FEDORA42

Saving config for sequoia for policy FEDORA42

+ RPM_EC=0
++ jobs -p
+ exit 0
Executing(%install): /bin/sh -e /home/iurt/rpmbuild/tmp/rpm-tmp.tjXum3
+ umask 022
+ cd /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build
+ '[' 1 -eq 1 ']'
+ '[' /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT '!=' / ']'
+ rm -rf /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT
++ dirname /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT
+ mkdir -p /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build
+ mkdir /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT
+ CFLAGS='-O2 -g -pipe -Wformat -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -m64 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full'
+ export CFLAGS
+ CXXFLAGS='-O2 -g -pipe -Wformat -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -m64 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full'
+ export CXXFLAGS
+ FFLAGS='-O2 -g -pipe -Wformat -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -m64 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full '
+ export FFLAGS
+ FCFLAGS='-O2 -g -pipe -Wformat -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -m64 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full '
+ export FCFLAGS
+ VALAFLAGS=-g
+ export VALAFLAGS
+ RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none --cap-lints=warn'
+ export RUSTFLAGS
+ LDFLAGS='-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro -Wl,-z,now -Wl,-O1 -Wl,--build-id=sha1 -Wl,--enable-new-dtags -specs=/usr/lib/rpm/redhat/redhat-hardened-ld'
+ export LDFLAGS
+ LT_SYS_LIBRARY_PATH=/usr/lib:
+ export LT_SYS_LIBRARY_PATH
+ CC=gcc
+ export CC
+ CXX=g++
+ export CXX
+ cd fedora-crypto-policies-86c0178-86c0178416fe7998bbf553a3e713a9c4b7205757
+ '[' 1 -eq 1 ']'
+ mkdir -p -m 755 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/
+ mkdir -p -m 755 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/
+ mkdir -p -m 755 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/back-ends/
+ mkdir -p -m 755 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/state/
+ mkdir -p -m 755 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/local.d/
+ mkdir -p -m 755 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/policies/
+ mkdir -p -m 755 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/policies/modules/
+ mkdir -p -m 755 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/bin
+ make DESTDIR=/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT DIR=/usr/share/crypto-policies MANDIR=/usr/share/man -j12 install
mkdir -p /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/man
mkdir -p /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/man/man7
mkdir -p /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/man/man8
mkdir -p /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/bin
mkdir -p /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/libexec
mkdir -p /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/lib/systemd/system
install -p -m 644 crypto-policies.7 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/man/man7
install -p -m 644 update-crypto-policies.8 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/man/man8
install -p -m 755 update-crypto-policies /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/bin
install -p -m 644 fips-crypto-policy-overlay.service /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/lib/systemd/system
install -p -m 755 fips-crypto-policy-overlay fips-setup-helper /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/libexec
mkdir -p /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/
install -p -m 644 default-config /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies
install -p -m 644 default-fips-config /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies
install -p -m 644 output/reload-cmds.sh /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies
for f in $(find output -name '*.txt') ; do d=$(dirname $f | cut -f 2- -d '/')  ; install -p -m 644 -D -t /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d $f ; done
for f in $(find policies -name '*.p*') ; do d=$(dirname $f)  ; install -p -m 644 -D -t /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d $f ; done
for f in $(find python -name '*.py') ; do d=$(dirname $f) ; install -p -m 644 -D -t /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d $f ; done
chmod 755 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/update-crypto-policies.py
chmod 755 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/build-crypto-policies.py
+ install -p -m 644 default-config /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/config
+ install -p -m 644 default-fips-config /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/default-fips-config
+ touch /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/state/current
+ touch /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/state/CURRENT.pol
+ rm -rf /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/GOST-ONLY
+ rm -rf /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/BSI
+ rm -rf /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FEDORA42
+ rm -rf /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FEDORA43
+ for d in LEGACY DEFAULT FUTURE FIPS
+ mkdir -p -m 755 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/bind.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/bind.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/bind.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/gnutls.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/gnutls.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/gnutls.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/java.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/java.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/java.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/krb5.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/krb5.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/krb5.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/libreswan.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/libreswan.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/libreswan.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/libssh.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/libssh.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/libssh.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/nss.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/nss.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/nss.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/openssh.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/openssh.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/openssh.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/opensshserver.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/opensshserver.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/opensshserver.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/openssl_fips.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/openssl_fips.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/openssl_fips.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/opensslcnf.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/opensslcnf.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/opensslcnf.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/rpm-sequoia.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/rpm-sequoia.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/rpm-sequoia.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/sequoia.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/LEGACY/sequoia.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/LEGACY/sequoia.config
+ for d in LEGACY DEFAULT FUTURE FIPS
+ mkdir -p -m 755 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/bind.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/bind.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/bind.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/gnutls.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/gnutls.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/gnutls.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/java.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/java.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/java.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/krb5.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/krb5.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/krb5.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/libreswan.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/libreswan.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/libreswan.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/libssh.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/libssh.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/libssh.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/nss.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/nss.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/nss.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/openssh.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/openssh.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/openssh.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/opensshserver.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/opensshserver.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/opensshserver.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/openssl_fips.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/openssl_fips.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/openssl_fips.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/opensslcnf.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/opensslcnf.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/opensslcnf.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/rpm-sequoia.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/rpm-sequoia.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/rpm-sequoia.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/sequoia.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/sequoia.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/DEFAULT/sequoia.config
+ for d in LEGACY DEFAULT FUTURE FIPS
+ mkdir -p -m 755 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/bind.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/bind.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/bind.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/gnutls.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/gnutls.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/gnutls.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/java.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/java.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/java.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/krb5.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/krb5.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/krb5.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/libreswan.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/libreswan.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/libreswan.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/libssh.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/libssh.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/libssh.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/nss.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/nss.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/nss.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/openssh.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/openssh.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/openssh.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/opensshserver.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/opensshserver.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/opensshserver.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/openssl_fips.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/openssl_fips.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/openssl_fips.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/opensslcnf.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/opensslcnf.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/opensslcnf.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/rpm-sequoia.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/rpm-sequoia.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/rpm-sequoia.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/sequoia.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FUTURE/sequoia.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FUTURE/sequoia.config
+ for d in LEGACY DEFAULT FUTURE FIPS
+ mkdir -p -m 755 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/bind.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/bind.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/bind.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/gnutls.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/gnutls.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/gnutls.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/java.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/java.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/java.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/krb5.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/krb5.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/krb5.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/libreswan.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/libreswan.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/libreswan.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/libssh.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/libssh.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/libssh.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/nss.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/nss.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/nss.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/openssh.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/openssh.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/openssh.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/opensshserver.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/opensshserver.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/opensshserver.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/openssl_fips.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/openssl_fips.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/openssl_fips.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/opensslcnf.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/opensslcnf.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/opensslcnf.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/rpm-sequoia.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/rpm-sequoia.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/rpm-sequoia.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/$d/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/sequoia.txt .txt
+ ln /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/FIPS/sequoia.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/back-ends/FIPS/sequoia.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/bind.txt
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/bind.txt .txt
+ ln -sf /usr/share/crypto-policies/DEFAULT/bind.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/back-ends/bind.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/gnutls.txt
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/gnutls.txt .txt
+ ln -sf /usr/share/crypto-policies/DEFAULT/gnutls.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/back-ends/gnutls.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/java.txt
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/java.txt .txt
+ ln -sf /usr/share/crypto-policies/DEFAULT/java.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/back-ends/java.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/krb5.txt
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/krb5.txt .txt
+ ln -sf /usr/share/crypto-policies/DEFAULT/krb5.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/back-ends/krb5.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/libreswan.txt
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/libreswan.txt .txt
+ ln -sf /usr/share/crypto-policies/DEFAULT/libreswan.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/back-ends/libreswan.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/libssh.txt
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/libssh.txt .txt
+ ln -sf /usr/share/crypto-policies/DEFAULT/libssh.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/back-ends/libssh.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/nss.txt
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/nss.txt .txt
+ ln -sf /usr/share/crypto-policies/DEFAULT/nss.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/back-ends/nss.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/openssh.txt
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/openssh.txt .txt
+ ln -sf /usr/share/crypto-policies/DEFAULT/openssh.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/back-ends/openssh.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/opensshserver.txt
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/opensshserver.txt .txt
+ ln -sf /usr/share/crypto-policies/DEFAULT/opensshserver.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/back-ends/opensshserver.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/openssl_fips.txt
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/openssl_fips.txt .txt
+ ln -sf /usr/share/crypto-policies/DEFAULT/openssl_fips.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/back-ends/openssl_fips.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/opensslcnf.txt
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/opensslcnf.txt .txt
+ ln -sf /usr/share/crypto-policies/DEFAULT/opensslcnf.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/back-ends/opensslcnf.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/rpm-sequoia.txt
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/rpm-sequoia.txt .txt
+ ln -sf /usr/share/crypto-policies/DEFAULT/rpm-sequoia.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/back-ends/rpm-sequoia.config
+ for f in /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/*
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/sequoia.txt
++ basename /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/DEFAULT/sequoia.txt .txt
+ ln -sf /usr/share/crypto-policies/DEFAULT/sequoia.txt /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/etc/crypto-policies/back-ends/sequoia.config
+ [[ /usr/bin/python3 =~  - ]]
+ clamp_source_mtime /usr/bin/python3 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python
+ python_binary='env -u SOURCE_DATE_EPOCH /usr/bin/python3'
+ bytecode_compilation_path=/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python
+ PYTHONPATH=/usr/lib/rpm/redhat
+ env -u SOURCE_DATE_EPOCH /usr/bin/python3 -s -B -m clamp_source_mtime /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python
Not clamping source mtimes, $SOURCE_DATE_EPOCH not set
++ /usr/bin/python3 -c 'import sys; sys.stdout.write('\''{0.major}{0.minor}'\''.format(sys.version_info))'
+ python_version=313
+ '[' 313 -ge 39 ']'
+ py39_byte_compile /usr/bin/python3 /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python
+ python_binary='env -u SOURCE_DATE_EPOCH PYTHONHASHSEED=0 /usr/bin/python3'
+ bytecode_compilation_path=/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python
+ env -u SOURCE_DATE_EPOCH PYTHONHASHSEED=0 /usr/bin/python3 -s -B -m compileall -j12 -o 0 -o 1 -s /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT -p / --hardlink-dupes --invalidation-mode=timestamp /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python
Listing '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python'...
Listing '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies'...
Listing '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/validation'...
Listing '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators'...
Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/validation/__init__.py'...
Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/validation/alg_lists.py'...
Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/validation/general.py'...
Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/validation/rules.py'...
Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/validation/scope.py'...
Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/__init__.py'...
Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/bind.py'...
Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/configgenerator.py'...
Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/gnutls.py'...
Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/java.py'...
Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/krb5.py'...
Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/libreswan.py'...
Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/build-crypto-policies.py'...
Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/__init__.py'...
Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/alg_lists.py'...
Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/cryptopolicies/cryptopolicies.py'...
Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/sequoia.py'...
Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/update-crypto-policies.py'...
Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/libssh.py'...
Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/nss.py'...
Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/openssh.py'...
Compiling '/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/crypto-policies/python/policygenerators/openssl.py'...
+ /usr/lib/rpm/check-buildroot
+ '[' -n '' ']'
+ /usr/share/spec-helper/clean_files
+ '[' -n '' ']'
+ /usr/share/spec-helper/compress_files .xz
+ '[' -n '' ']'
+ /usr/share/spec-helper/relink_symlinks
+ '[' -n '' ']'
+ /usr/share/spec-helper/clean_perl
+ '[' -n '' ']'
+ /usr/share/spec-helper/lib_symlinks
+ '[' -n '' ']'
+ /usr/share/spec-helper/gprintify
+ '[' -n '' ']'
+ /usr/share/spec-helper/fix_mo
+ '[' -n '' ']'
+ /usr/share/spec-helper/fix_pamd
+ '[' -n '' ']'
+ /usr/share/spec-helper/remove_info_dir
+ '[' -n '' ']'
+ /usr/share/spec-helper/fix_eol
+ '[' -n '' ']'
+ /usr/share/spec-helper/check_desktop_files
+ '[' -n '' ']'
+ /usr/share/spec-helper/check_elf_files
+ /usr/lib/rpm/brp-strip /usr/bin/strip
+ /usr/lib/rpm/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump
+ /usr/lib/rpm/brp-strip-static-archive /usr/bin/strip
+ /usr/lib/rpm/check-rpaths
+ /usr/lib/rpm/brp-remove-la-files
+ /usr/lib/rpm/redhat/brp-mangle-shebangs
mangling shebang in /usr/libexec/fips-setup-helper from /bin/bash to #!/usr/bin/bash
mangling shebang in /usr/libexec/fips-crypto-policy-overlay from /bin/bash to #!/usr/bin/bash
mangling shebang in /usr/share/crypto-policies/python/update-crypto-policies.py from /usr/bin/env python3 to #!/usr/bin/python3
mangling shebang in /usr/share/crypto-policies/python/build-crypto-policies.py from /usr/bin/env python3 to #!/usr/bin/python3
+ env -u SOURCE_DATE_EPOCH /usr/lib/rpm/redhat/brp-python-bytecompile '' 1 0 -j12
+ /usr/lib/rpm/redhat/brp-python-hardlink
Executing(%check): /bin/sh -e /home/iurt/rpmbuild/tmp/rpm-tmp.48cMR1
+ umask 022
+ cd /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build
+ CFLAGS='-O2 -g -pipe -Wformat -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -m64 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full'
+ export CFLAGS
+ CXXFLAGS='-O2 -g -pipe -Wformat -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -m64 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full'
+ export CXXFLAGS
+ FFLAGS='-O2 -g -pipe -Wformat -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -m64 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full '
+ export FFLAGS
+ FCFLAGS='-O2 -g -pipe -Wformat -Werror=format-security -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -m64 -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection=full '
+ export FCFLAGS
+ VALAFLAGS=-g
+ export VALAFLAGS
+ RUSTFLAGS='-Copt-level=3 -Cdebuginfo=2 -Ccodegen-units=1 -Cstrip=none --cap-lints=warn'
+ export RUSTFLAGS
+ LDFLAGS='-Wl,--as-needed -Wl,--no-undefined -Wl,-z,relro -Wl,-z,now -Wl,-O1 -Wl,--build-id=sha1 -Wl,--enable-new-dtags -specs=/usr/lib/rpm/redhat/redhat-hardened-ld'
+ export LDFLAGS
+ LT_SYS_LIBRARY_PATH=/usr/lib:
+ export LT_SYS_LIBRARY_PATH
+ CC=gcc
+ export CC
+ CXX=g++
+ export CXX
+ cd fedora-crypto-policies-86c0178-86c0178416fe7998bbf553a3e713a9c4b7205757
+ '[' 1 -eq 1 ']'
+ make test -j12 SKIP_LINTING=1
for f in $(find tests/outputs -name '*-sequoia.txt') ; do \
	sequoia-policy-config-check "$f"; \
done
python/build-crypto-policies.py --strict --test --flat policies tests/outputs
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmp8tmvm1pb mtime 1771152796
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 16
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 7
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 14
NSS-POLICY-INFO: NUMBER-OF-ECC: 4
NSS-POLICY-INFO: NUMBER-OF-HASH: 6
NSS-POLICY-INFO: NUMBER-OF-MAC: 3
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 4
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 12
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
============================= test session starts ==============================
platform linux -- Python 3.13.12, pytest-8.3.5, pluggy-1.5.0 -- /usr/bin/python3
cachedir: .pytest_cache
rootdir: /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/fedora-crypto-policies-86c0178-86c0178416fe7998bbf553a3e713a9c4b7205757
configfile: pytest.ini
collecting ... ============================= test session starts ==============================
platform linux -- Python 3.13.12, pytest-8.3.5, pluggy-1.5.0 -- /usr/bin/python3
cachedir: .pytest_cache
rootdir: /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/fedora-crypto-policies-86c0178-86c0178416fe7998bbf553a3e713a9c4b7205757
configfile: pytest.ini
collecting ... gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: marking hash SHAKE-128 as secure
gnutls[2]: cfg: marking hash SHA1 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP256R1-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP384R1-MLKEM1024 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature DSA-SHA256 as secure
gnutls[2]: cfg: marking signature DSA-SHA384 as secure
gnutls[2]: cfg: marking signature DSA-SHA512 as secure
gnutls[2]: cfg: marking signature DSA-SHA224 as secure
gnutls[2]: cfg: marking signature DSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature DSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature DSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure
gnutls[2]: cfg: marking signature RSA-SHA1 as secure
gnutls[2]: cfg: marking signature DSA-SHA1 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA1 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA1 as secure for certs
gnutls[2]: cfg: marking signature rsa-sha1 as secure for certs
gnutls[2]: cfg: marking signature dsa-sha1 as secure for certs
gnutls[2]: cfg: marking signature ecdsa-sha1 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling cipher 3DES-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-DSS for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version TLS1.1
gnutls[2]: cfg: enabling version TLS1.0
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: enabling version DTLS1.0
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmptt0onx8q mtime 1771152796
gnutls[2]: cfg: deferred setting system-wide priority string
collected 12 items

python/cryptopolicies/alg_lists.py::cryptopolicies.alg_lists.earliest_occurrence PASSED [  8%]
python/cryptopolicies/alg_lists.py::cryptopolicies.alg_lists.glob NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: X25519MLKEM768 is enabled for SSL-KX
NSS-POLICY-INFO: MLKEM768X25519 is enabled for SSL-KX
NSS-POLICY-INFO: SHA1 is enabled for SSL-KX
NSS-POLICY-INFO: SHA1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: DES-EDE3-CBC is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-DSS is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: DSA is enabled for SSL-KX
NSS-POLICY-INFO: DSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 25
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 10
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 19
NSS-POLICY-INFO: NUMBER-OF-ECC: 7
NSS-POLICY-INFO: NUMBER-OF-HASH: 9
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 6
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 5
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 5
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_3DES_EDE_CBC_SHA is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 33
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
PASSED [ 16%]
python/cryptopolicies/alg_lists.py::cryptopolicies.alg_lists.max_dtls_version PASSED [ 25%]
python/cryptopolicies/alg_lists.py::cryptopolicies.alg_lists.max_tls_version PASSED [ 33%]
python/cryptopolicies/alg_lists.py::cryptopolicies.alg_lists.min_dtls_version PASSED [ 41%]
python/cryptopolicies/alg_lists.py::cryptopolicies.alg_lists.min_tls_version PASSED [ 50%]
python/cryptopolicies/cryptopolicies.py::cryptopolicies.cryptopolicies.ScopeSelector.__init__ PASSED [ 58%]
python/cryptopolicies/cryptopolicies.py::cryptopolicies.cryptopolicies.ScopeSelector.matches PASSED [ 66%]
python/cryptopolicies/cryptopolicies.py::cryptopolicies.cryptopolicies.ScopedPolicy PASSED [ 75%]
python/cryptopolicies/cryptopolicies.py::cryptopolicies.cryptopolicies.parse_line PASSED [ 83%]
python/cryptopolicies/cryptopolicies.py::cryptopolicies.cryptopolicies.parse_rhs PASSED [ 91%]
python/cryptopolicies/cryptopolicies.py::cryptopolicies.cryptopolicies.preprocess_text Pseudo-terminal will not be allocated because stdin is not a terminal.
PASSED [100%]

============================== 12 passed in 0.09s ==============================
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
collected 47 items

tests/unit/test_alg_lists.py::test_glob_alg_sanity PASSED                [  2%]
tests/unit/test_alg_lists.py::test_glob_alg_globbing PASSED              [  4%]
tests/unit/test_alg_lists.py::test_glob_experimental PASSED              [  6%]
tests/unit/test_alg_lists.py::test_glob_alg_algorithm_empty PASSED       [  8%]
tests/unit/test_alg_lists.py::test_glob_alg_algorithm_class_unknown PASSED [ 10%]
tests/unit/test_alg_lists.py::test_min_versions PASSED                   [ 12%]
tests/unit/test_alg_lists.py::test_max_versions PASSED                   [ 14%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_is_empty gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP256R1-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP384R1-MLKEM1024 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmp7cz2uvus mtime 1771152797
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: X25519MLKEM768 is enabled for SSL-KX
NSS-POLICY-INFO: MLKEM768X25519 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 22
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17
NSS-POLICY-INFO: NUMBER-OF-ECC: 7
NSS-POLICY-INFO: NUMBER-OF-HASH: 8
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
PASSED       [ 17%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_not_found PASSED      [ 19%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_smoke_broken PASSED   [ 21%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_smoke_basic PASSED    [ 23%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_smoke_subpolicy PASSED [ 25%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_smoke_several_subpolicies Pseudo-terminal will not be allocated because stdin is not a terminal.
PASSED [ 27%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_compat_diamond_new_recommended PASSED [ 29%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_compat_diamond_old_recommended PASSED [ 31%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_compat_diamond_breaking1 PASSED [ 34%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_compat_diamond_breaking2 PASSED [ 36%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_sha1_in_dnssec PASSED [ 38%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_compat_to_enum PASSED [ 40%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_compat_scoped_ssh_etm_to_enum PASSED [ 42%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_prepend_order sequoia-policy-config-check returns 0
PASSED  [ 44%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_no_duplicates sequoia-policy-config-check returns 0
PASSED  [ 46%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_minver PASSED         [ 48%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_maxver PASSED         [ 51%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_experimental PASSED   [ 53%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_to_string_empty gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpk1lcd1vd mtime 1771152797
gnutls[2]: cfg: deferred setting system-wide priority string
PASSED [ 55%]
tests/unit/test_cryptopolicy.py::test_cryptopolicy_to_string_twisted PASSED [ 57%]
tests/unit/test_parse_line.py::test_parse_line PASSED                    [ 59%]
tests/unit/test_parse_line.py::test_parse_bad PASSED                     [ 61%]
tests/unit/test_parse_rhs.py::test_parse_rhs PASSED                      [ 63%]
tests/unit/test_preprocess_text.py::test_preprocess_text_basics PASSED   [ 65%]
tests/unit/test_preprocess_text.py::test_preprocess_text_compat PASSED   [ 68%]
tests/unit/test_preprocess_text.py::test_preprocess_text_compat_problematic PASSED [ 70%]
tests/unit/test_preprocess_text.py::test_preprocess_text_compat_diamond_problem PASSED [ 72%]
tests/unit/test_scope_selector.py::test_scope_selector_any PASSED        [ 74%]
tests/unit/test_scope_selector.py::test_scope_selector_tls PASSED        [ 76%]
tests/unit/test_scope_selector.py::test_scope_selector_nontls PASSED     [ 78%]
tests/unit/test_scope_selector.py::test_scope_selector_posglob PASSED    [ 80%]
tests/unit/test_scope_selector.py::test_scope_selector_negglob PASSED    [ 82%]
tests/unit/test_scope_selector.py::test_scope_selector_posmixed PASSED   [ 85%]
tests/unit/test_scope_selector.py::test_scope_selector_negmixed PASSED   [ 87%]NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 17
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 8
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 14
NSS-POLICY-INFO: NUMBER-OF-ECC: 4
NSS-POLICY-INFO: NUMBER-OF-HASH: 7
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 4
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 18
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1

tests/unit/test_scope_selector.py::test_scope_selector_curly_brackets PASSED [ 89%]
tests/unit/test_scope_selector.py::test_scope_selector_empty PASSED      [ 91%]
tests/unit/test_scope_selector.py::test_scope_selector_illegal_character PASSED [ 93%]
tests/unit/test_scope_selector.py::test_scope_selector_comma PASSED      [ 95%]
tests/unit/test_scope_selector.py::test_scope_selector_unknown PASSED    [ 97%]
tests/unit/test_scope_selector.py::test_scope_selector_nomatch PASSED    [100%]Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0


============================== 47 passed in 0.40s ==============================
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP256R1-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP384R1-MLKEM1024 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpghg6s0vt mtime 1771152797
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: X25519MLKEM768 is enabled for SSL-KX
NSS-POLICY-INFO: MLKEM768X25519 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 22
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17
NSS-POLICY-INFO: NUMBER-OF-ECC: 7
NSS-POLICY-INFO: NUMBER-OF-HASH: 8
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP256R1-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP384R1-MLKEM1024 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpzlth4qve mtime 1771152797
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: X25519MLKEM768 is enabled for SSL-KX
NSS-POLICY-INFO: MLKEM768X25519 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 19
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 5
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 15
NSS-POLICY-INFO: NUMBER-OF-ECC: 7
NSS-POLICY-INFO: NUMBER-OF-HASH: 6
NSS-POLICY-INFO: NUMBER-OF-MAC: 3
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 2
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 8
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmp_e3oa54j mtime 1771152797
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 20
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17
NSS-POLICY-INFO: NUMBER-OF-ECC: 5
NSS-POLICY-INFO: NUMBER-OF-HASH: 8
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
python/build-crypto-policies.py --strict --policy FIPS:OSPP --test --flat policies tests/outputs
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmp3x1120uz mtime 1771152797
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 11
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 5
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 11
NSS-POLICY-INFO: NUMBER-OF-ECC: 2
NSS-POLICY-INFO: NUMBER-OF-HASH: 6
NSS-POLICY-INFO: NUMBER-OF-MAC: 3
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 2
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 5
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
python/build-crypto-policies.py --strict --policy FIPS:ECDHE-ONLY --test --flat policies tests/outputs
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpg9uesb3e mtime 1771152797
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 16
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 8
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 14
NSS-POLICY-INFO: NUMBER-OF-ECC: 4
NSS-POLICY-INFO: NUMBER-OF-HASH: 7
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 4
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 2
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 12
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
python/build-crypto-policies.py --strict --policy FIPS:NO-ENFORCE-EMS --test --flat policies tests/outputs
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmps4q735fr mtime 1771152798
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 17
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 8
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 14
NSS-POLICY-INFO: NUMBER-OF-ECC: 4
NSS-POLICY-INFO: NUMBER-OF-HASH: 7
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 4
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 18
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
python/build-crypto-policies.py --strict --policy DEFAULT:GOST --test --flat policies tests/outputs
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP256R1-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP384R1-MLKEM1024 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpai3y8x6o mtime 1771152798
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: X25519MLKEM768 is enabled for SSL-KX
NSS-POLICY-INFO: MLKEM768X25519 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 22
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17
NSS-POLICY-INFO: NUMBER-OF-ECC: 7
NSS-POLICY-INFO: NUMBER-OF-HASH: 8
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
python/build-crypto-policies.py --strict --policy GOST-ONLY --test --flat policies tests/outputs
python/build-crypto-policies.py --strict --policy LEGACY:AD-SUPPORT --test --flat policies tests/outputs
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: marking hash SHAKE-128 as secure
gnutls[2]: cfg: marking hash SHA1 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP256R1-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP384R1-MLKEM1024 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature DSA-SHA256 as secure
gnutls[2]: cfg: marking signature DSA-SHA384 as secure
gnutls[2]: cfg: marking signature DSA-SHA512 as secure
gnutls[2]: cfg: marking signature DSA-SHA224 as secure
gnutls[2]: cfg: marking signature DSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature DSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature DSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure
gnutls[2]: cfg: marking signature RSA-SHA1 as secure
gnutls[2]: cfg: marking signature DSA-SHA1 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA1 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA1 as secure for certs
gnutls[2]: cfg: marking signature rsa-sha1 as secure for certs
gnutls[2]: cfg: marking signature dsa-sha1 as secure for certs
gnutls[2]: cfg: marking signature ecdsa-sha1 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling cipher 3DES-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-DSS for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version TLS1.1
gnutls[2]: cfg: enabling version TLS1.0
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: enabling version DTLS1.0
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmph4dfn2my mtime 1771152798
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: X25519MLKEM768 is enabled for SSL-KX
NSS-POLICY-INFO: MLKEM768X25519 is enabled for SSL-KX
NSS-POLICY-INFO: SHA1 is enabled for SSL-KX
NSS-POLICY-INFO: SHA1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: DES-EDE3-CBC is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-DSS is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: DSA is enabled for SSL-KX
NSS-POLICY-INFO: DSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 25
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 10
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 19
NSS-POLICY-INFO: NUMBER-OF-ECC: 7
NSS-POLICY-INFO: NUMBER-OF-HASH: 9
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 6
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 5
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 5
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_3DES_EDE_CBC_SHA is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 33
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
python/build-crypto-policies.py --policy DEFAULT:NO-PQ --test --flat policies tests/outputs  # not strict, sadly
ExperimentalValueWarning: `group` values `MLKEM512`, `X25519-MLKEM512`, `MLKEM768`, `X448-MLKEM768`, `P256-MLKEM512`, `MLKEM1024`, `P384-MLKEM768`, `P521-MLKEM1024` are experimental and might go away in the future
ExperimentalValueWarning: `sign` values `SPHINCSSHA2128FSIMPLE`, `P256-SPHINCSSHA2128FSIMPLE`, `RSA3072-SPHINCSSHA2128FSIMPLE`, `SPHINCSSHA2128SSIMPLE`, `P256-SPHINCSSHA2128SSIMPLE`, `RSA3072-SPHINCSSHA2128SSIMPLE`, `SPHINCSSHA2192FSIMPLE`, `P384-SPHINCSSHA2192FSIMPLE`, `SPHINCSSHAKE128FSIMPLE`, `P256-SPHINCSSHAKE128FSIMPLE`, `RSA3072-SPHINCSSHAKE128FSIMPLE` are experimental and might go away in the future
ExperimentalValueWarning: `sign` values `FALCON512`, `P256-FALCON512`, `RSA3072-FALCON512`, `FALCONPADDED512`, `P256-FALCONPADDED512`, `RSA3072-FALCONPADDED512`, `FALCON1024`, `P521-FALCON1024`, `FALCONPADDED1024`, `P521-FALCONPADDED1024` are experimental and might go away in the future
ExperimentalValueWarning: `sign` values `P256-MLDSA44`, `RSA3072-MLDSA44`, `MLDSA44-PSS2048`, `MLDSA44-RSA2048`, `MLDSA44-ED25519`, `MLDSA44-P256`, `MLDSA44-BP256`, `P384-MLDSA65`, `MLDSA65-PSS3072`, `MLDSA65-RSA3072`, `MLDSA65-P256`, `MLDSA65-BP256`, `MLDSA65-ED25519`, `P521-MLDSA87`, `MLDSA87-P384`, `MLDSA87-BP384`, `MLDSA87-ED448` are experimental and might go away in the future
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmprjy205c5 mtime 1771152798
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 20
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17
NSS-POLICY-INFO: NUMBER-OF-ECC: 5
NSS-POLICY-INFO: NUMBER-OF-HASH: 8
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
python/build-crypto-policies.py --policy DEFAULT:TEST-PQ --test --flat policies tests/outputs  # not strict
ExperimentalValueWarning: `group` value `P521-MLKEM1024` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `MLKEM1024` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `X448-MLKEM768` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `P384-MLKEM768` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `MLKEM768` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `X25519-MLKEM512` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `P256-MLKEM512` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `MLKEM512` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `RSA3072-SPHINCSSHAKE128FSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P256-SPHINCSSHAKE128FSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `SPHINCSSHAKE128FSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P384-SPHINCSSHA2192FSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `SPHINCSSHA2192FSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `RSA3072-SPHINCSSHA2128SSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P256-SPHINCSSHA2128SSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `SPHINCSSHA2128SSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `RSA3072-SPHINCSSHA2128FSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P256-SPHINCSSHA2128FSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `SPHINCSSHA2128FSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P521-FALCONPADDED1024` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `FALCONPADDED1024` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P521-FALCON1024` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `FALCON1024` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `RSA3072-FALCONPADDED512` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P256-FALCONPADDED512` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `FALCONPADDED512` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `RSA3072-FALCON512` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P256-FALCON512` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `FALCON512` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA87-ED448` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA87-BP384` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA87-P384` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P521-MLDSA87` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA65-ED25519` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA65-BP256` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA65-P256` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA65-RSA3072` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA65-PSS3072` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P384-MLDSA65` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA44-BP256` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA44-P256` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA44-ED25519` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA44-RSA2048` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA44-PSS2048` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `RSA3072-MLDSA44` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P256-MLDSA44` is experimental and might go away in the future
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP256R1-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP384R1-MLKEM1024 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmppd4eh3q1 mtime 1771152799
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: X25519MLKEM768 is enabled for SSL-KX
NSS-POLICY-INFO: MLKEM768X25519 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 22
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17
NSS-POLICY-INFO: NUMBER-OF-ECC: 7
NSS-POLICY-INFO: NUMBER-OF-HASH: 8
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
# FEDORA43 === DEFAULT
#diff policies/FEDORA43.pol policies/DEFAULT.pol
# FEDORA43:NO-PQ == FEDORA42 == FEDORA43:TEST-PQ:NO-PQ
#mkdir -p output/compare/FEDORA43:NO-PQ output/compare/FEDORA42
python/build-crypto-policies.py --policy FEDORA43:NO-PQ policies output/compare  # not strict
ExperimentalValueWarning: `group` values `MLKEM512`, `X25519-MLKEM512`, `MLKEM768`, `X448-MLKEM768`, `P256-MLKEM512`, `MLKEM1024`, `P384-MLKEM768`, `P521-MLKEM1024` are experimental and might go away in the future
ExperimentalValueWarning: `sign` values `SPHINCSSHA2128FSIMPLE`, `P256-SPHINCSSHA2128FSIMPLE`, `RSA3072-SPHINCSSHA2128FSIMPLE`, `SPHINCSSHA2128SSIMPLE`, `P256-SPHINCSSHA2128SSIMPLE`, `RSA3072-SPHINCSSHA2128SSIMPLE`, `SPHINCSSHA2192FSIMPLE`, `P384-SPHINCSSHA2192FSIMPLE`, `SPHINCSSHAKE128FSIMPLE`, `P256-SPHINCSSHAKE128FSIMPLE`, `RSA3072-SPHINCSSHAKE128FSIMPLE` are experimental and might go away in the future
ExperimentalValueWarning: `sign` values `FALCON512`, `P256-FALCON512`, `RSA3072-FALCON512`, `FALCONPADDED512`, `P256-FALCONPADDED512`, `RSA3072-FALCONPADDED512`, `FALCON1024`, `P521-FALCON1024`, `FALCONPADDED1024`, `P521-FALCONPADDED1024` are experimental and might go away in the future
ExperimentalValueWarning: `sign` values `P256-MLDSA44`, `RSA3072-MLDSA44`, `MLDSA44-PSS2048`, `MLDSA44-RSA2048`, `MLDSA44-ED25519`, `MLDSA44-P256`, `MLDSA44-BP256`, `P384-MLDSA65`, `MLDSA65-PSS3072`, `MLDSA65-RSA3072`, `MLDSA65-P256`, `MLDSA65-BP256`, `MLDSA65-ED25519`, `P521-MLDSA87`, `MLDSA87-P384`, `MLDSA87-BP384`, `MLDSA87-ED448` are experimental and might go away in the future
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpe9vsvf6o mtime 1771152799
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 20
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17
NSS-POLICY-INFO: NUMBER-OF-ECC: 5
NSS-POLICY-INFO: NUMBER-OF-HASH: 8
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
Saving config for bind for policy FEDORA43:NO-PQ

Saving config for gnutls for policy FEDORA43:NO-PQ

Saving config for java for policy FEDORA43:NO-PQ

Saving config for krb5 for policy FEDORA43:NO-PQ

Saving config for libreswan for policy FEDORA43:NO-PQ

Saving config for libssh for policy FEDORA43:NO-PQ

Saving config for nss for policy FEDORA43:NO-PQ

Saving config for openssh for policy FEDORA43:NO-PQ

Saving config for opensshserver for policy FEDORA43:NO-PQ

Saving config for openssl_fips for policy FEDORA43:NO-PQ

Saving config for opensslcnf for policy FEDORA43:NO-PQ

Saving config for rpm-sequoia for policy FEDORA43:NO-PQ

Saving config for sequoia for policy FEDORA43:NO-PQ

python/build-crypto-policies.py --policy FEDORA43:TEST-PQ:NO-PQ policies output/compare  # not strict
ExperimentalValueWarning: `group` value `P521-MLKEM1024` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `MLKEM1024` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `X448-MLKEM768` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `P384-MLKEM768` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `MLKEM768` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `X25519-MLKEM512` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `P256-MLKEM512` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `MLKEM512` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `RSA3072-SPHINCSSHAKE128FSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P256-SPHINCSSHAKE128FSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `SPHINCSSHAKE128FSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P384-SPHINCSSHA2192FSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `SPHINCSSHA2192FSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `RSA3072-SPHINCSSHA2128SSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P256-SPHINCSSHA2128SSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `SPHINCSSHA2128SSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `RSA3072-SPHINCSSHA2128FSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P256-SPHINCSSHA2128FSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `SPHINCSSHA2128FSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P521-FALCONPADDED1024` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `FALCONPADDED1024` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P521-FALCON1024` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `FALCON1024` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `RSA3072-FALCONPADDED512` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P256-FALCONPADDED512` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `FALCONPADDED512` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `RSA3072-FALCON512` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P256-FALCON512` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `FALCON512` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA87-ED448` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA87-BP384` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA87-P384` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P521-MLDSA87` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA65-ED25519` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA65-BP256` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA65-P256` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA65-RSA3072` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA65-PSS3072` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P384-MLDSA65` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA44-BP256` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA44-P256` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA44-ED25519` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA44-RSA2048` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA44-PSS2048` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `RSA3072-MLDSA44` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P256-MLDSA44` is experimental and might go away in the future
ExperimentalValueWarning: `group` values `MLKEM512`, `X25519-MLKEM512`, `MLKEM768`, `X448-MLKEM768`, `P256-MLKEM512`, `MLKEM1024`, `P384-MLKEM768`, `P521-MLKEM1024` are experimental and might go away in the future
ExperimentalValueWarning: `sign` values `SPHINCSSHA2128FSIMPLE`, `P256-SPHINCSSHA2128FSIMPLE`, `RSA3072-SPHINCSSHA2128FSIMPLE`, `SPHINCSSHA2128SSIMPLE`, `P256-SPHINCSSHA2128SSIMPLE`, `RSA3072-SPHINCSSHA2128SSIMPLE`, `SPHINCSSHA2192FSIMPLE`, `P384-SPHINCSSHA2192FSIMPLE`, `SPHINCSSHAKE128FSIMPLE`, `P256-SPHINCSSHAKE128FSIMPLE`, `RSA3072-SPHINCSSHAKE128FSIMPLE` are experimental and might go away in the future
ExperimentalValueWarning: `sign` values `FALCON512`, `P256-FALCON512`, `RSA3072-FALCON512`, `FALCONPADDED512`, `P256-FALCONPADDED512`, `RSA3072-FALCONPADDED512`, `FALCON1024`, `P521-FALCON1024`, `FALCONPADDED1024`, `P521-FALCONPADDED1024` are experimental and might go away in the future
ExperimentalValueWarning: `sign` values `P256-MLDSA44`, `RSA3072-MLDSA44`, `MLDSA44-PSS2048`, `MLDSA44-RSA2048`, `MLDSA44-ED25519`, `MLDSA44-P256`, `MLDSA44-BP256`, `P384-MLDSA65`, `MLDSA65-PSS3072`, `MLDSA65-RSA3072`, `MLDSA65-P256`, `MLDSA65-BP256`, `MLDSA65-ED25519`, `P521-MLDSA87`, `MLDSA87-P384`, `MLDSA87-BP384`, `MLDSA87-ED448` are experimental and might go away in the future
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmp_r2f9wyw mtime 1771152799
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 20
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17
NSS-POLICY-INFO: NUMBER-OF-ECC: 5
NSS-POLICY-INFO: NUMBER-OF-HASH: 8
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
Saving config for bind for policy FEDORA43:TEST-PQ:NO-PQ

Saving config for gnutls for policy FEDORA43:TEST-PQ:NO-PQ

Saving config for java for policy FEDORA43:TEST-PQ:NO-PQ

Saving config for krb5 for policy FEDORA43:TEST-PQ:NO-PQ

Saving config for libreswan for policy FEDORA43:TEST-PQ:NO-PQ

Saving config for libssh for policy FEDORA43:TEST-PQ:NO-PQ

Saving config for nss for policy FEDORA43:TEST-PQ:NO-PQ

Saving config for openssh for policy FEDORA43:TEST-PQ:NO-PQ

Saving config for opensshserver for policy FEDORA43:TEST-PQ:NO-PQ

Saving config for openssl_fips for policy FEDORA43:TEST-PQ:NO-PQ

Saving config for opensslcnf for policy FEDORA43:TEST-PQ:NO-PQ

Saving config for rpm-sequoia for policy FEDORA43:TEST-PQ:NO-PQ

Saving config for sequoia for policy FEDORA43:TEST-PQ:NO-PQ

python/build-crypto-policies.py --strict --policy FEDORA42 policies output/compare
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpjfq9n9z6 mtime 1771152800
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 20
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17
NSS-POLICY-INFO: NUMBER-OF-ECC: 5
NSS-POLICY-INFO: NUMBER-OF-HASH: 8
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
Saving config for bind for policy FEDORA42

Saving config for gnutls for policy FEDORA42

Saving config for java for policy FEDORA42

Saving config for krb5 for policy FEDORA42

Saving config for libreswan for policy FEDORA42

Saving config for libssh for policy FEDORA42

Saving config for nss for policy FEDORA42

Saving config for openssh for policy FEDORA42

Saving config for opensshserver for policy FEDORA42

Saving config for openssl_fips for policy FEDORA42

Saving config for opensslcnf for policy FEDORA42

Saving config for rpm-sequoia for policy FEDORA42

Saving config for sequoia for policy FEDORA42

diff -r output/compare/FEDORA43:NO-PQ output/compare/FEDORA42
diff -r output/compare/FEDORA43:TEST-PQ:NO-PQ output/compare/FEDORA42
rm -r output/compare
tests/openssl.py
Checking the OpenSSL configuration
Checking policy FUTURE
Checking policy FEDORA42
Checking policy FIPS:NO-ENFORCE-EMS
Checking policy FIPS
Checking policy LEGACY:AD-SUPPORT
Checking policy DEFAULT:TEST-PQ
Checking policy BSI
Checking policy DEFAULT:GOST
Checking policy LEGACY
Checking policy FIPS:ECDHE-ONLY
Checking policy DEFAULT:NO-PQ
Checking policy DEFAULT
Checking policy FEDORA43
Checking policy FIPS:OSPP
tests/gnutls.py
Checking the GnuTLS configuration
Checking policy DEFAULT:GOST
Checking policy FIPS:ECDHE-ONLY
Checking policy FUTURE
Checking policy FIPS:NO-ENFORCE-EMS
Checking policy DEFAULT:NO-PQ
Checking policy BSI
Checking policy FIPS
Checking policy LEGACY
Checking policy LEGACY:AD-SUPPORT
Checking policy FIPS:OSPP
Checking policy EMPTY
Checking policy DEFAULT:TEST-PQ
Checking policy FEDORA42
Checking policy FEDORA43
Checking policy DEFAULT
tests/nss.py
Checking the NSS configuration
Checking policy LEGACY
Checking policy DEFAULT:GOST
Checking policy LEGACY:AD-SUPPORT
Checking policy FIPS:ECDHE-ONLY
Checking policy DEFAULT:TEST-PQ
Checking policy DEFAULT
Checking policy BSI
Checking policy FIPS:OSPP
Checking policy GOST-ONLY
Checking policy DEFAULT:NO-PQ
Checking policy FIPS:NO-ENFORCE-EMS
Checking policy FEDORA43
Checking policy FEDORA42
Checking policy FIPS
Checking policy EMPTY
Checking policy FUTURE
tests/java.py
Checking the Java configuration
Checking policy BSI
Checking policy LEGACY
Checking policy FEDORA42
Checking policy FIPS:ECDHE-ONLY
Checking policy DEFAULT:TEST-PQ
Checking policy FEDORA43
Checking policy FUTURE
Checking policy DEFAULT:GOST
Checking policy FIPS
Checking policy FIPS:NO-ENFORCE-EMS
Checking policy DEFAULT:NO-PQ
Checking policy FIPS:OSPP
Checking policy LEGACY:AD-SUPPORT
Checking policy DEFAULT
Checking policy GOST-ONLY
Checking policy EMPTY
tests/krb5.py
Skipping krb5 test; checker not found!
top_srcdir=. tests/update-crypto-policies.sh
Saving config for bind for policy BSI

Saving config for gnutls for policy BSI

Saving config for java for policy BSI

Saving config for krb5 for policy BSI

Saving config for libreswan for policy BSI

Saving config for libssh for policy BSI

Saving config for nss for policy BSI

Saving config for openssh for policy BSI

Saving config for opensshserver for policy BSI

Saving config for openssl_fips for policy BSI

Saving config for opensslcnf for policy BSI

Saving config for rpm-sequoia for policy BSI

Saving config for sequoia for policy BSI

Saving config for bind for policy LEGACY

Saving config for gnutls for policy LEGACY

Saving config for java for policy LEGACY

Saving config for krb5 for policy LEGACY

Saving config for libreswan for policy LEGACY

Saving config for libssh for policy LEGACY

Saving config for nss for policy LEGACY

Saving config for openssh for policy LEGACY

Saving config for opensshserver for policy LEGACY

Saving config for openssl_fips for policy LEGACY

Saving config for opensslcnf for policy LEGACY

Saving config for rpm-sequoia for policy LEGACY

Saving config for sequoia for policy LEGACY

Saving config for bind for policy EMPTY

Saving config for gnutls for policy EMPTY

Saving config for java for policy EMPTY

Saving config for krb5 for policy EMPTY

Saving config for libreswan for policy EMPTY

Saving config for libssh for policy EMPTY

Saving config for nss for policy EMPTY

Saving config for openssh for policy EMPTY

Saving config for opensshserver for policy EMPTY

Saving config for openssl_fips for policy EMPTY

Saving config for opensslcnf for policy EMPTY

Saving config for rpm-sequoia for policy EMPTY

Saving config for sequoia for policy EMPTY

Saving config for bind for policy GOST-ONLY

Saving config for gnutls for policy GOST-ONLY

Saving config for java for policy GOST-ONLY

Saving config for krb5 for policy GOST-ONLY

Saving config for libreswan for policy GOST-ONLY

Saving config for libssh for policy GOST-ONLY

Saving config for nss for policy GOST-ONLY

Saving config for openssh for policy GOST-ONLY

Saving config for opensshserver for policy GOST-ONLY

Saving config for openssl_fips for policy GOST-ONLY

Saving config for opensslcnf for policy GOST-ONLY

Saving config for rpm-sequoia for policy GOST-ONLY

Saving config for sequoia for policy GOST-ONLY

Saving config for bind for policy FEDORA43

Saving config for gnutls for policy FEDORA43

Saving config for java for policy FEDORA43

Saving config for krb5 for policy FEDORA43

Saving config for libreswan for policy FEDORA43

Saving config for libssh for policy FEDORA43

Saving config for nss for policy FEDORA43

Saving config for openssh for policy FEDORA43

Saving config for opensshserver for policy FEDORA43

Saving config for openssl_fips for policy FEDORA43

Saving config for opensslcnf for policy FEDORA43

Saving config for rpm-sequoia for policy FEDORA43

Saving config for sequoia for policy FEDORA43

Saving config for bind for policy FIPS

Saving config for gnutls for policy FIPS

Saving config for java for policy FIPS

Saving config for krb5 for policy FIPS

Saving config for libreswan for policy FIPS

Saving config for libssh for policy FIPS

Saving config for nss for policy FIPS

Saving config for openssh for policy FIPS

Saving config for opensshserver for policy FIPS

Saving config for openssl_fips for policy FIPS

Saving config for opensslcnf for policy FIPS

Saving config for rpm-sequoia for policy FIPS

Saving config for sequoia for policy FIPS

Saving config for bind for policy DEFAULT

Saving config for gnutls for policy DEFAULT

Saving config for java for policy DEFAULT

Saving config for krb5 for policy DEFAULT

Saving config for libreswan for policy DEFAULT

Saving config for libssh for policy DEFAULT

Saving config for nss for policy DEFAULT

Saving config for openssh for policy DEFAULT

Saving config for opensshserver for policy DEFAULT

Saving config for openssl_fips for policy DEFAULT

Saving config for opensslcnf for policy DEFAULT

Saving config for rpm-sequoia for policy DEFAULT

Saving config for sequoia for policy DEFAULT

Saving config for bind for policy FUTURE

Saving config for gnutls for policy FUTURE

Saving config for java for policy FUTURE

Saving config for krb5 for policy FUTURE

Saving config for libreswan for policy FUTURE

Saving config for libssh for policy FUTURE

Saving config for nss for policy FUTURE

Saving config for openssh for policy FUTURE

Saving config for opensshserver for policy FUTURE

Saving config for openssl_fips for policy FUTURE

Saving config for opensslcnf for policy FUTURE

Saving config for rpm-sequoia for policy FUTURE

Saving config for sequoia for policy FUTURE

Saving config for bind for policy FEDORA42

Saving config for gnutls for policy FEDORA42

Saving config for java for policy FEDORA42

Saving config for krb5 for policy FEDORA42

Saving config for libreswan for policy FEDORA42

Saving config for libssh for policy FEDORA42

Saving config for nss for policy FEDORA42

Saving config for openssh for policy FEDORA42

Saving config for opensshserver for policy FEDORA42

Saving config for openssl_fips for policy FEDORA42

Saving config for opensslcnf for policy FEDORA42

Saving config for rpm-sequoia for policy FEDORA42

Saving config for sequoia for policy FEDORA42

tests/update-crypto-policies.sh: checking if default profile is properly selected
Setting system policy to DEFAULT
Note: System-wide crypto policies are applied on application start-up.
It is recommended to restart the system for the change of policies
to fully take place.

tests/update-crypto-policies.sh: checking if current policy dump is equal to the original default profile
PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement
Setting system policy to CURRENT
Note: System-wide crypto policies are applied on application start-up.
It is recommended to restart the system for the change of policies
to fully take place.

tests/update-crypto-policies.sh: checking if switching to other profile works
Setting system policy to LEGACY
Note: System-wide crypto policies are applied on application start-up.
It is recommended to restart the system for the change of policies
to fully take place.

tests/update-crypto-policies.sh: checking if local.d works
Setting system policy to DEFAULT
Note: System-wide crypto policies are applied on application start-up.
It is recommended to restart the system for the change of policies
to fully take place.

tests/update-crypto-policies.sh: checking if --check works (test 1)
The configured policy matches the generated policy
The configured policy does NOT match the generated policy
--check works as expected

tests/update-crypto-policies.sh: checking if --check works (test 2)
Setting system policy to DEFAULT
Note: System-wide crypto policies are applied on application start-up.
It is recommended to restart the system for the change of policies
to fully take place.
The configured policy matches the generated policy
The configured policy does NOT match the generated policy
--check works as expected
cp -r tests/outputs output/alt
python/build-crypto-policies.py --test --flat tests/alternative-policies output/alt
PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_group is deprecated, please rewrite your rules using group@SSH; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 1 is deprecated, please rewrite your rules using hash@DNSSec = SHA1+ and sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using etm@SSH = ANY; be advised that it is not always a 1-1 replacement
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: marking hash SHAKE-128 as secure
gnutls[2]: cfg: marking hash SHA1 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP256R1-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP384R1-MLKEM1024 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature DSA-SHA256 as secure
gnutls[2]: cfg: marking signature DSA-SHA384 as secure
gnutls[2]: cfg: marking signature DSA-SHA512 as secure
gnutls[2]: cfg: marking signature DSA-SHA224 as secure
gnutls[2]: cfg: marking signature DSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature DSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature DSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure
gnutls[2]: cfg: marking signature RSA-SHA1 as secure
gnutls[2]: cfg: marking signature DSA-SHA1 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA1 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA1 as secure for certs
gnutls[2]: cfg: marking signature rsa-sha1 as secure for certs
gnutls[2]: cfg: marking signature dsa-sha1 as secure for certs
gnutls[2]: cfg: marking signature ecdsa-sha1 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling cipher 3DES-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-DSS for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version TLS1.1
gnutls[2]: cfg: enabling version TLS1.0
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: enabling version DTLS1.0
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpy_s6_m_j mtime 1771152809
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: X25519MLKEM768 is enabled for SSL-KX
NSS-POLICY-INFO: MLKEM768X25519 is enabled for SSL-KX
NSS-POLICY-INFO: SHA1 is enabled for SSL-KX
NSS-POLICY-INFO: SHA1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: DES-EDE3-CBC is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-DSS is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: DSA is enabled for SSL-KX
NSS-POLICY-INFO: DSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 25
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 10
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 19
NSS-POLICY-INFO: NUMBER-OF-ECC: 7
NSS-POLICY-INFO: NUMBER-OF-HASH: 9
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 6
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 5
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 5
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_3DES_EDE_CBC_SHA is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 33
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_group is deprecated, please rewrite your rules using group@SSH; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 0 is deprecated, please rewrite your rules using hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_etm = 0 is deprecated, please rewrite your rules using etm@SSH = DISABLE_ETM; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 1 is deprecated, please rewrite your rules using hash@DNSSec = SHA1+ and sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using etm@SSH = ANY; be advised that it is not always a 1-1 replacement
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP256R1-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP384R1-MLKEM1024 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmp24tvb3_x mtime 1771152809
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: X25519MLKEM768 is enabled for SSL-KX
NSS-POLICY-INFO: MLKEM768X25519 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 22
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17
NSS-POLICY-INFO: NUMBER-OF-ECC: 7
NSS-POLICY-INFO: NUMBER-OF-HASH: 8
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 0 is deprecated, please rewrite your rules using hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using etm@SSH = ANY; be advised that it is not always a 1-1 replacement
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpuwrjrdmi mtime 1771152809
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 17
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 8
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 14
NSS-POLICY-INFO: NUMBER-OF-ECC: 4
NSS-POLICY-INFO: NUMBER-OF-HASH: 7
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 4
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 18
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 1 is deprecated, please rewrite your rules using hash@DNSSec = SHA1+ and sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using etm@SSH = ANY; be advised that it is not always a 1-1 replacement
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP256R1-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP384R1-MLKEM1024 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpgig41ih2 mtime 1771152809
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: X25519MLKEM768 is enabled for SSL-KX
NSS-POLICY-INFO: MLKEM768X25519 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 22
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17
NSS-POLICY-INFO: NUMBER-OF-ECC: 7
NSS-POLICY-INFO: NUMBER-OF-HASH: 8
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 0 is deprecated, please rewrite your rules using hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using etm@SSH = ANY; be advised that it is not always a 1-1 replacement
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP256R1-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP384R1-MLKEM1024 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpk5manx78 mtime 1771152810
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: X25519MLKEM768 is enabled for SSL-KX
NSS-POLICY-INFO: MLKEM768X25519 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 19
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 5
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 15
NSS-POLICY-INFO: NUMBER-OF-ECC: 7
NSS-POLICY-INFO: NUMBER-OF-HASH: 6
NSS-POLICY-INFO: NUMBER-OF-MAC: 3
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 2
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 8
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 1 is deprecated, please rewrite your rules using hash@DNSSec = SHA1+ and sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using etm@SSH = ANY; be advised that it is not always a 1-1 replacement
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmp87atcs_1 mtime 1771152810
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 20
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17
NSS-POLICY-INFO: NUMBER-OF-ECC: 5
NSS-POLICY-INFO: NUMBER-OF-HASH: 8
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
python/build-crypto-policies.py --policy FIPS:OSPP --test --flat tests/alternative-policies output/alt
PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 0 is deprecated, please rewrite your rules using hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using etm@SSH = ANY; be advised that it is not always a 1-1 replacement
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmp07bhohfz mtime 1771152810
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 11
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 5
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 11
NSS-POLICY-INFO: NUMBER-OF-ECC: 2
NSS-POLICY-INFO: NUMBER-OF-HASH: 6
NSS-POLICY-INFO: NUMBER-OF-MAC: 3
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 2
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 5
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
python/build-crypto-policies.py --policy FIPS:ECDHE-ONLY --test --flat tests/alternative-policies output/alt
PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 0 is deprecated, please rewrite your rules using hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using etm@SSH = ANY; be advised that it is not always a 1-1 replacement
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpcxr8h5u2 mtime 1771152810
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 16
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 8
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 14
NSS-POLICY-INFO: NUMBER-OF-ECC: 4
NSS-POLICY-INFO: NUMBER-OF-HASH: 7
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 4
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 2
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 12
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
python/build-crypto-policies.py --policy FIPS:NO-ENFORCE-EMS --test --flat tests/alternative-policies output/alt
PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 0 is deprecated, please rewrite your rules using hash@DNSSec = -SHA1 and sign@DNSSec = -RSA-SHA1 -ECDSA-SHA1; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using etm@SSH = ANY; be advised that it is not always a 1-1 replacement
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpk10gq7oo mtime 1771152810
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 17
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 8
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 14
NSS-POLICY-INFO: NUMBER-OF-ECC: 4
NSS-POLICY-INFO: NUMBER-OF-HASH: 7
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 4
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 3
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 3
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 18
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
python/build-crypto-policies.py --policy GOST-ONLY --test --flat tests/alternative-policies output/alt
PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement
python/build-crypto-policies.py --policy LEGACY:AD-SUPPORT --test --flat tests/alternative-policies output/alt
PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_group is deprecated, please rewrite your rules using group@SSH; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 1 is deprecated, please rewrite your rules using hash@DNSSec = SHA1+ and sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using etm@SSH = ANY; be advised that it is not always a 1-1 replacement
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: marking hash SHAKE-128 as secure
gnutls[2]: cfg: marking hash SHA1 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP256R1-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP384R1-MLKEM1024 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature DSA-SHA256 as secure
gnutls[2]: cfg: marking signature DSA-SHA384 as secure
gnutls[2]: cfg: marking signature DSA-SHA512 as secure
gnutls[2]: cfg: marking signature DSA-SHA224 as secure
gnutls[2]: cfg: marking signature DSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature DSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature DSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure
gnutls[2]: cfg: marking signature RSA-SHA1 as secure
gnutls[2]: cfg: marking signature DSA-SHA1 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA1 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA1 as secure for certs
gnutls[2]: cfg: marking signature DSA-SHA1 as secure for certs
gnutls[2]: cfg: marking signature rsa-sha1 as secure for certs
gnutls[2]: cfg: marking signature dsa-sha1 as secure for certs
gnutls[2]: cfg: marking signature ecdsa-sha1 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling cipher 3DES-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-DSS for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version TLS1.1
gnutls[2]: cfg: enabling version TLS1.0
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: enabling version DTLS1.0
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpk8c8i2zf mtime 1771152811
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: X25519MLKEM768 is enabled for SSL-KX
NSS-POLICY-INFO: MLKEM768X25519 is enabled for SSL-KX
NSS-POLICY-INFO: SHA1 is enabled for SSL-KX
NSS-POLICY-INFO: SHA1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: DES-EDE3-CBC is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-DSS is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: DSA is enabled for SSL-KX
NSS-POLICY-INFO: DSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 25
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 10
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 19
NSS-POLICY-INFO: NUMBER-OF-ECC: 7
NSS-POLICY-INFO: NUMBER-OF-HASH: 9
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 6
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 5
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 5
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_3DES_EDE_CBC_SHA is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 33
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
python/build-crypto-policies.py --policy DEFAULT:GOST --test --flat tests/alternative-policies output/alt
PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 1 is deprecated, please rewrite your rules using hash@DNSSec = SHA1+ and sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using etm@SSH = ANY; be advised that it is not always a 1-1 replacement
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP256R1-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP384R1-MLKEM1024 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmpbochzv5x mtime 1771152811
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: X25519MLKEM768 is enabled for SSL-KX
NSS-POLICY-INFO: MLKEM768X25519 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 22
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17
NSS-POLICY-INFO: NUMBER-OF-ECC: 7
NSS-POLICY-INFO: NUMBER-OF-HASH: 8
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
python/build-crypto-policies.py --policy DEFAULT:TEST-PQ --test --flat tests/alternative-policies output/alt
PolicySyntaxDeprecationWarning: Option protocol is deprecated, please rewrite your rules using protocol@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option tls_cipher is deprecated, please rewrite your rules using cipher@TLS; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_cipher is deprecated, please rewrite your rules using cipher@SSH; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ike_protocol is deprecated, please rewrite your rules using protocol@IKE; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option sha1_in_dnssec = 1 is deprecated, please rewrite your rules using hash@DNSSec = SHA1+ and sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+; be advised that it is not always a 1-1 replacement
PolicySyntaxDeprecationWarning: Option ssh_etm = 1 is deprecated, please rewrite your rules using etm@SSH = ANY; be advised that it is not always a 1-1 replacement
ExperimentalValueWarning: `group` values `MLKEM512`, `X25519-MLKEM512`, `MLKEM768`, `X448-MLKEM768`, `P256-MLKEM512`, `MLKEM1024`, `P384-MLKEM768`, `P521-MLKEM1024` are experimental and might go away in the future
ExperimentalValueWarning: `group` value `P521-MLKEM1024` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `MLKEM1024` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `X448-MLKEM768` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `P384-MLKEM768` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `MLKEM768` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `X25519-MLKEM512` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `P256-MLKEM512` is experimental and might go away in the future
ExperimentalValueWarning: `group` value `MLKEM512` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `RSA3072-SPHINCSSHAKE128FSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P256-SPHINCSSHAKE128FSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `SPHINCSSHAKE128FSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P384-SPHINCSSHA2192FSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `SPHINCSSHA2192FSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `RSA3072-SPHINCSSHA2128SSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P256-SPHINCSSHA2128SSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `SPHINCSSHA2128SSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `RSA3072-SPHINCSSHA2128FSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P256-SPHINCSSHA2128FSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `SPHINCSSHA2128FSIMPLE` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P521-FALCONPADDED1024` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `FALCONPADDED1024` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P521-FALCON1024` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `FALCON1024` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `RSA3072-FALCONPADDED512` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P256-FALCONPADDED512` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `FALCONPADDED512` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `RSA3072-FALCON512` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P256-FALCON512` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `FALCON512` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA87-ED448` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA87-BP384` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA87-P384` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P521-MLDSA87` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA65-ED25519` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA65-BP256` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA65-P256` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA65-RSA3072` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA65-PSS3072` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P384-MLDSA65` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA44-BP256` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA44-P256` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA44-ED25519` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA44-RSA2048` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `MLDSA44-PSS2048` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `RSA3072-MLDSA44` is experimental and might go away in the future
ExperimentalValueWarning: `sign` value `P256-MLDSA44` is experimental and might go away in the future
gnutls[2]: Enabled GnuTLS 3.8.12 logging...
gnutls[2]: getrandom random generator was selected
gnutls[2]: Intel SSSE3 was detected
gnutls[2]: Intel AES accelerator was detected
gnutls[2]: Intel GCM accelerator was detected
gnutls[2]: cfg: marking hash SHA256 as secure
gnutls[2]: cfg: marking hash SHA384 as secure
gnutls[2]: cfg: marking hash SHA512 as secure
gnutls[2]: cfg: marking hash SHA3-256 as secure
gnutls[2]: cfg: marking hash SHA3-384 as secure
gnutls[2]: cfg: marking hash SHA3-512 as secure
gnutls[2]: cfg: marking hash SHA224 as secure
gnutls[2]: cfg: marking hash SHA3-224 as secure
gnutls[2]: cfg: marking hash SHAKE-256 as secure
gnutls[2]: cfg: enabling MAC AEAD for TLS
gnutls[2]: cfg: enabling MAC SHA1 for TLS
gnutls[2]: cfg: enabling MAC SHA512 for TLS
gnutls[2]: cfg: enabling group X25519-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP256R1-MLKEM768 for TLS
gnutls[2]: cfg: enabling group SECP384R1-MLKEM1024 for TLS
gnutls[2]: cfg: enabling group X25519 for TLS
gnutls[2]: cfg: enabling group SECP256R1 for TLS
gnutls[2]: cfg: enabling group X448 for TLS
gnutls[2]: cfg: enabling group SECP521R1 for TLS
gnutls[2]: cfg: enabling group SECP384R1 for TLS
gnutls[2]: cfg: enabling group FFDHE2048 for TLS
gnutls[2]: cfg: enabling group FFDHE3072 for TLS
gnutls[2]: cfg: enabling group FFDHE4096 for TLS
gnutls[2]: cfg: enabling group FFDHE6144 for TLS
gnutls[2]: cfg: enabling group FFDHE8192 for TLS
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure
gnutls[2]: cfg: marking signature RSA-SHA256 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure
gnutls[2]: cfg: marking signature RSA-SHA384 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure
gnutls[2]: cfg: marking signature RSA-SHA512 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure
gnutls[2]: cfg: marking signature RSA-SHA224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure
gnutls[2]: cfg: marking signature ECDSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP256R1-SHA256 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP384R1-SHA384 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SECP521R1-SHA512 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed25519 as secure for certs
gnutls[2]: cfg: marking signature EdDSA-Ed448 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-PSS-RSAE-SHA512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA256 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA384 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-512 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA512 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA224 as secure for certs
gnutls[2]: cfg: marking signature ECDSA-SHA3-224 as secure for certs
gnutls[2]: cfg: marking signature RSA-SHA3-224 as secure for certs
gnutls[2]: cfg: enabling curve X25519
gnutls[2]: cfg: enabling curve SECP256R1
gnutls[2]: cfg: enabling curve X448
gnutls[2]: cfg: enabling curve SECP521R1
gnutls[2]: cfg: enabling curve SECP384R1
gnutls[2]: cfg: enabling curve Ed25519
gnutls[2]: cfg: enabling curve Ed448
gnutls[2]: cfg: enabling cipher AES-256-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-256-CCM for TLS
gnutls[2]: cfg: enabling cipher CHACHA20-POLY1305 for TLS
gnutls[2]: cfg: enabling cipher AES-256-CBC for TLS
gnutls[2]: cfg: enabling cipher AES-128-GCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CCM for TLS
gnutls[2]: cfg: enabling cipher AES-128-CBC for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-RSA for TLS
gnutls[2]: cfg: enabling key exchange ECDHE-ECDSA for TLS
gnutls[2]: cfg: enabling key exchange RSA for TLS
gnutls[2]: cfg: enabling key exchange DHE-RSA for TLS
gnutls[2]: cfg: enabling version TLS1.3
gnutls[2]: cfg: enabling version TLS1.2
gnutls[2]: cfg: enabling version DTLS1.2
gnutls[2]: cfg: adding priority: SYSTEM -> NONE
gnutls[2]: cfg: loaded system config /tmp/tmp6dxuh8a0 mtime 1771152811
gnutls[2]: cfg: deferred setting system-wide priority string
NSS-POLICY-INFO: LOADED-SUCCESSFULLY
NSS-POLICY-INFO: PRIME256V1 is enabled for SSL-KX
NSS-POLICY-INFO: PRIME256V1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP256R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP256R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP384R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP384R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SECP521R1 is enabled for SSL-KX
NSS-POLICY-INFO: SECP521R1 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: CURVE25519 is enabled for SSL-KX
NSS-POLICY-INFO: CURVE25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: X25519MLKEM768 is enabled for SSL-KX
NSS-POLICY-INFO: MLKEM768X25519 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-224 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-224 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-256 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-256 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-384 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-384 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: SHA3-512 is enabled for SSL-KX
NSS-POLICY-INFO: SHA3-512 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: HMAC-SHA1 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA256 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA384 is enabled for SSL
NSS-POLICY-INFO: HMAC-SHA512 is enabled for SSL
NSS-POLICY-INFO: AES128-CBC is enabled for SSL
NSS-POLICY-INFO: AES256-CBC is enabled for SSL
NSS-POLICY-INFO: AES128-GCM is enabled for SSL
NSS-POLICY-INFO: AES256-GCM is enabled for SSL
NSS-POLICY-INFO: CHACHA20-POLY1305 is enabled for SSL
NSS-POLICY-INFO: RSA is enabled for SSL-KX
NSS-POLICY-INFO: DHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDHE-RSA is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PKCS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: RSA-PSS is enabled for SSL-KX
NSS-POLICY-INFO: RSA-PSS is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ECDSA is enabled for SSL-KX
NSS-POLICY-INFO: ECDSA is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: ED25519 is enabled for CERT-SIGNATURE
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG-KX: 22
NSS-POLICY-INFO: NUMBER-OF-SSL-ALG: 9
NSS-POLICY-INFO: NUMBER-OF-CERT-SIG: 17
NSS-POLICY-INFO: NUMBER-OF-ECC: 7
NSS-POLICY-INFO: NUMBER-OF-HASH: 8
NSS-POLICY-INFO: NUMBER-OF-MAC: 4
NSS-POLICY-INFO: NUMBER-OF-CIPHER: 5
NSS-POLICY-INFO: NUMBER-OF-SSL-KX: 4
NSS-POLICY-WARN: NUMBER-OF-SMIME-KX: 0
NSS-POLICY-INFO: NUMBER-OF-OTHER-SIGN: 4
NSS-POLICY-INFO: ciphersuite TLS_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_GCM_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_GCM_SHA384 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_128_CBC_SHA256 is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA is enabled
NSS-POLICY-INFO: ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 is enabled
NSS-POLICY-INFO: NUMBER-OF-CIPHERSUITES: 28
NSS-POLICY-INFO: NUMBER-OF-TLS-VERSIONS: 2
NSS-POLICY-INFO: NUMBER-OF-DTLS-VERSIONS: 1
Pseudo-terminal will not be allocated because stdin is not a terminal.
sequoia-policy-config-check returns 0
sequoia-policy-config-check returns 0
+ RPM_EC=0
++ jobs -p
+ exit 0
Processing files: crypto-policies-20250402-6.mga10.noarch
Executing(%license): /bin/sh -e /home/iurt/rpmbuild/tmp/rpm-tmp.GGRRyY
+ umask 022
+ cd /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build
+ cd fedora-crypto-policies-86c0178-86c0178416fe7998bbf553a3e713a9c4b7205757
+ LICENSEDIR=/home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/licenses/crypto-policies
+ export LC_ALL=C
+ LC_ALL=C
+ export LICENSEDIR
+ /usr/bin/mkdir -p /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/licenses/crypto-policies
+ cp -pr /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/fedora-crypto-policies-86c0178-86c0178416fe7998bbf553a3e713a9c4b7205757/COPYING.LESSER /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT/usr/share/licenses/crypto-policies
+ RPM_EC=0
++ jobs -p
+ exit 0
Provides: config(crypto-policies) = 20250402-6.mga10 crypto-policies = 20250402-6.mga10
Requires(interp): /bin/sh
Requires(rpmlib): rpmlib(BuiltinLuaScripts) <= 4.2.2-1 rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PartialHardlinkSets) <= 4.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Requires(pre): /bin/sh
Recommends: crypto-policies-scripts
Processing files: crypto-policies-scripts-20250402-6.mga10.noarch
Provides: crypto-policies-scripts = 20250402-6.mga10
Requires(interp): /bin/sh
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PartialHardlinkSets) <= 4.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Requires(post): python3
Requires(posttrans): /bin/sh
Checking for unpackaged file(s): /usr/lib/rpm/check-files /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build/BUILDROOT
Wrote: /home/iurt/rpmbuild/RPMS/noarch/crypto-policies-20250402-6.mga10.noarch.rpm
Wrote: /home/iurt/rpmbuild/RPMS/noarch/crypto-policies-scripts-20250402-6.mga10.noarch.rpm
Executing(rmbuild): /bin/sh -e /home/iurt/rpmbuild/tmp/rpm-tmp.ktfiD1
+ umask 022
+ cd /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build
+ test -d /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build
+ /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build
+ rm -rf /home/iurt/rpmbuild/BUILD/crypto-policies-20250402-build
+ RPM_EC=0
++ jobs -p
+ exit 0
D: [iurt_root_command] Success!