* Jaroslav Reznik <jreznik(a)redhat.com> [2014-02-27 11:25]:
= Proposed System Wide Change: System-wide crypto policy =
https://fedoraproject.org/wiki/Changes/CryptoPolicy
An idea of how this will be implemented is to have each Fedora
application's configuration file or compilation option will set a
system default option. That is for example for applications that use
GnuTLS or OpenSSL a priority string or cipher named "SYSTEM". Then
the shipped library will make sure that once the "SYSTEM" option is
encountered the preconfigured system settings will be applied.
== Scope ==
There are changes required in GnuTLS, OpenSSL and NSS libraries. On a second
phase non-SSL crypto libraries could use these settings.
What about applications that do not use GnuTLS, OpenSSL and NSS? I
believe both OpenJDK and Bouncy Castle fall under this category.
Thanks,
Omair
--
PGP Key: 66484681 (
http://pgp.mit.edu/)
Fingerprint = F072 555B 0A17 3957 4E95 0056 F286 F14F 6648 4681