Rocky Linux 10 - notes
######################

Install crypto policy changing commands:
sudo dnf install crypto-policies-scripts
update-crypto-policies --show

# Use more strict modified "FUTUREDNF" crypto policy
Rocky Linux 10 - dnf fix after setting FUTURE crypto policy
###########################################################
sudo su -
cd /usr/share/crypto-policies/policies/
cp FUTURE.pol FUTUREDNF.pol
vi FUTUREDNF.pol
# change the "min_rsa_size = 3072" line to "min_rsa_size = 2048" and save
# Activate new policy
update-crypto-policies --set FUTUREDNF
# Reboot server to fully activate
reboot
#
# After reboot, this should now work:
sudo dnf update
#
#
#
Original error after enabling standard FUTURE crypto policy on Rocky Linux 10 and then trying to dnf update system:
[root@xtr policies]# dnf update
Rocky Linux 10 - BaseOS                                             0.0  B/s |   0  B     00:00
Errors during downloading metadata for repository 'baseos':
  - Curl error (60): SSL peer certificate or SSH remote key was not OK for https://mirrors.rockylinux.org/mirrorlist?arch=x86_64&repo=BaseOS-10 [SSL certificate problem: EE certificate key too weak]
Error: Failed to download metadata for repo 'baseos': Cannot prepare internal mirrorlist: Curl error (60): SSL peer certificate or SSH remote key was not OK for https://mirrors.rockylinux.org/mirrorlist?arch=x86_64&repo=BaseOS-10 [SSL certificate problem: EE certificate key too weak]