Hello Tor team.
I’ve tried to configure my RHEL-derived (RockyLinux) server to use stronger cryptography (so-called FUTURE crypto policies) and both the Rocky Linux and Tor rpm repositories forced me to pull back my change.
Issue stems from the current intermediary Letsencrypt certificate (the R12) which is of type RSA 2048 (<4096 is an issue).
Letsencrypt does nowadays have “stronger” intermediary certificates,and those would help out with this stricter policy.
For reference I’ve also asked around in the Rocky Linux forum to get that sorted, hopefully.