Re: F29 System Wide Change: Strong crypto settings: phase 2

> Okay, so IIUC now, this is an all-or-nothing kind of change. If I > elect/need to use LEGACY to administer some old hardware that I > cannot > otherwise connect to using the defaults, then I'm compromising that > host's security for anything/everything its used for until it's taken > back off LEGACY and returned to whatever the non-LEGACY is called. > Do I > have it right now? Yes, except one thing. Just by switching to LEGACY it does not mean you're compromising the host's security. The protocol negotiation and ciphersuite ordering still applies and it will use the best available protocol and ciphersuite and not some random insecure protocol version and ciphersuite. The insecure protocols and ciphersuites will be used only in the case the other end does not know anything better.