
Please extend cipher key sizes. #215

@voxik

Sooner than later, Fedora will enforce stronger crypto policies. These policies can already be enforced by `update-crypto-policies --set NEXT`. With these settings, the test suite produces ~100 errors, such as:

```
101) Error:
OpenSSL::TestSSL#test_servername_cb_raises_an_exception_on_unknown_objects:
OpenSSL::SSL::SSLError: SSL_CTX_use_certificate: ee key too small
    /builddir/build/BUILD/ruby-2.5.1/test/openssl/test_ssl.rb:766:in `initialize'
    /builddir/build/BUILD/ruby-2.5.1/test/openssl/test_ssl.rb:766:in `new'
    /builddir/build/BUILD/ruby-2.5.1/test/openssl/test_ssl.rb:766:in `test_servername_cb_raises_an_exception_on_unknown_objects'
```

It would be really nice if:

  1. Ruby OpenSSL is prepared for these changes sooner than these settings are applied (the original schedule was for F29 already [1], [2]).
  2. The change could be done in one place or not at all, e.g. to go with something like:

     ```
     $ export OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file
     $ export OPENSSL_CONF=''
     ```
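
A minimal reproduction of the `ee key too small` failure reported above, as an added example that is not part of the original issue or of the ruby/openssl test suite. It assumes OpenSSL security level 2 as a stand-in for the stricter policy (the issue does not state the exact thresholds) and an OpenSSL build that supports security levels; the helper names `self_signed_cert` and `try_context` and the certificate names are constructed for illustration.

```ruby
require "openssl"

# Build a throwaway self-signed certificate (constructed test data) for the key.
def self_signed_cert(key, cn)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Returns :ok if an SSLContext pinned to the given security level accepts an
# RSA key of `bits` bits and its certificate, otherwise the SSLError message.
# Pinning the level on the context (an assumption standing in for the system
# policy) makes the result independent of the host's crypto policy.
def try_context(bits, level)
  key = OpenSSL::PKey::RSA.new(bits)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.security_level = level
  ctx.cert = self_signed_cert(key, "constructed-#{bits}")
  ctx.key = key
  ctx.setup # the certificate is handed to OpenSSL and checked here
  :ok
rescue OpenSSL::SSL::SSLError => e
  e.message
end

if __FILE__ == $PROGRAM_NAME
  [[1024, 0], [1024, 2], [2048, 2]].each do |bits, level|
    puts "RSA #{bits}, security level #{level}: #{try_context(bits, level)}"
  end
end
```

Running the same check over a suite's fixture keys shows which ones need regenerating at a larger size before the stricter policy is applied.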
