<div style="font-family: Arial, sans-serif; font-size: 14px;">Package: <span>libvirt-daemon</span></div><div style="font-family: Arial, sans-serif; font-size: 14px;"><span>Version: <span>11.3.0-3</span></span></div><br><div style="font-family: Arial, sans-serif; font-size: 14px;"><span><span>Libvirt currently enforces the Key Encipherment certificate extension to be present in configured TLS certificates.</span></span></div><div style="font-family: Arial, sans-serif; font-size: 14px;"><span><span>This goes against the specification that ECDSA certificates should never contain the Key Encipherment extension.</span></span></div><div style="font-family: Arial, sans-serif; font-size: 14px;"><span><span><br></span></span></div><div style="font-family: Arial, sans-serif; font-size: 14px;"><span><span>Dropping the requirement altogether is the better option, as it is no longer a requirement with modern ciphers.</span></span></div><div style="font-family: Arial, sans-serif; font-size: 14px;"><span><span><br></span></span></div><div style="font-family: Arial, sans-serif; font-size: 14px;"><span><span>Upstream references:</span></span></div><div style="font-family: Arial, sans-serif; font-size: 14px;"><span><span><br></span></span></div><div style="font-family: Arial, sans-serif; font-size: 14px;">This requirement was dropped for ECDSA certificates in 11.5.0:</div><div style="font-family: Arial, sans-serif; font-size: 14px;"><span><a target="_blank" rel="noreferrer nofollow noopener" href="https://gitlab.com/libvirt/libvirt/-/commit/11867b0224a2b8dc34755ff0ace446b6842df1c1">https://gitlab.com/libvirt/libvirt/-/commit/11867b0224a2b8dc34755ff0ace446b6842df1c1</a></span></div><div style="font-family: Arial, sans-serif; font-size: 14px;"><br></div><div style="font-family: Arial, sans-serif; font-size: 14px;">The requirement was dropped altogether in 11.6.0:</div><div style="font-family: Arial, sans-serif; font-size: 14px;"><span><a target="_blank" rel="noreferrer nofollow noopener" href="https://gitlab.com/libvirt/libvirt/-/commit/8cecd3249e5fa5478a7c53567971b4d969274ea3">https://gitlab.com/libvirt/libvirt/-/commit/8cecd3249e5fa5478a7c53567971b4d969274ea3</a></span></div><div style="font-family: Arial, sans-serif; font-size: 14px;"><br></div><div style="font-family: Arial, sans-serif; font-size: 14px;">Tests were corrected in: <span><a target="_blank" rel="noreferrer nofollow noopener" href="https://gitlab.com/libvirt/libvirt/-/commit/e67952b0e612c9ad3c3eec8bb692589602953ee8">https://gitlab.com/libvirt/libvirt/-/commit/e67952b0e612c9ad3c3eec8bb692589602953ee8</a></span></div><div style="font-family: Arial, sans-serif; font-size: 14px;"><br></div><div style="font-family: Arial, sans-serif; font-size: 14px; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">Thanks in advance,</div><div style="font-family: Arial, sans-serif; font-size: 14px; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);"><br></div><div style="font-family: Arial, sans-serif; font-size: 14px; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">Karel Van Hecke</div><div style="font-family: Arial, sans-serif; font-size: 14px;"><span><br></span></div><div style="font-family: Arial, sans-serif; font-size: 14px;"><span><br></span></div>
<div style="font-family: Arial, sans-serif; font-size: 14px;" class="protonmail_signature_block protonmail_signature_block-empty">
    <div class="protonmail_signature_block-user protonmail_signature_block-empty"></div>
    
            <div class="protonmail_signature_block-proton protonmail_signature_block-empty">
        
            </div>
</div>