It's my understanding that there's been some recent work to move openjdk to certain NSS security providers (for EC, for example). But, I think you already answered my (poorly worded) question. Thanks.


On Mon, May 23, 2016, 04:01 Nikos Mavrogiannopoulos <nmav@redhat.com> wrote:
The impact in what sense? Note that openjdk will also conform to the
system wide policy.

regards,
Nikos

On Fri, 2016-05-20 at 15:24 +0000, Christopher wrote:
> What is the impact on openjdk crypto providers?
>
> On Fri, May 20, 2016, 05:49 Jan Kurik <jkurik@redhat.com> wrote:
> > = Proposed Self Contained Change: NSS enforces the system-wide
> > crypto policy =
> > https://fedoraproject.org/wiki/Changes/NSSCryptoPolicies
> >
> > Change owner(s):
> > * Nikos Mavrogiannopoulos <nmav AT redhat DOT com>
> >
> > As it is now, the System-wide crypto policy in F24 is only enforced
> > by
> > the OpenSSL and GnuTLS TLS libraries. To harmonize crypto in
> > Fedora,
> > NSS is enhanced to respect the settings of the system-wide crypto
> > policy as well.
> >
> > == Detailed Description ==
> > As it is now, the System-wide crypto policy in F24 is only enforced
> > by
> > the OpenSSL and GnuTLS TLS libraries. To harmonize crypto in
> > Fedora,
> > NSS is enhanced to respect the settings of the system-wide crypto
> > policy as well.
> > After that change the administrator should be assured that any
> > application that uses NSS will follow a policy that adheres to the
> > configured profile.
> >
> >
> > == Scope ==
> > * Proposal owners:
> > The change requires modifying the NSS library to read a policy
> > generated by the crypto-policy package.
> >
> > * Other developers:
> > There are no required actions by other developers. The change
> > requires
> > only targeted changes to NSS.
> >
> > * Release engineering:
> > No actions required.
> >
> > * Policies and guidelines:
> > - The packaging guidelines for crypto policies need to be modified
> > to
> > include NSS in the list of libraries supporting the policies.
> > - The text "(note that adherence to the system-wide policies is
> > work
> > in progress for NSS libraries)" must be removed
> > - The text "Currently the policies are restricted to applications
> > using GnuTLS and OpenSSL" must be changed to include NSS.
> >
> > * Trademark approval:
> > N/A (not needed for this Change)
> > --
> > Jan Kuřík
> > Platform & Fedora Program Manager
> > Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
> > --
> > devel mailing list
> > devel@lists.fedoraproject.org
> > http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraprojec
> > t.org
> >
> --
> devel mailing list
> devel@lists.fedoraproject.org
> http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.
> org
--
Nikos Mavrogiannopoulos, PhD,
Crypto Tech. Lead,
Security Technologies,
Red Hat, Inc.





--
devel mailing list
devel@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org