On Wed, Sep 28, 2016 at 03:13:34PM +0100, Tomasz Kłoczko wrote:
Is it any official Fedora policy/call to move away from openssl?
As far as I know, no. There was this attempt:
https://fedoraproject.org/wiki/FedoraCryptoConsolidation
but as the top of the page notes, the effort has been abandoned. (It's
basically impossible to change every project in the world.) From that
document, though:
The libraries that should be preferred instead of arbitrary other
crypto stacks are (in the order of the preference):
1. NSS
2. GNUTLS (with nettle as crypto backend, but nettle never used
directly by applications)
3. OpenSSL
4. libgcrypt
and it might be reasonable to keep this as a "if possible, please
prefer" policy rather than a mandate.
--
Matthew Miller
<mattdm(a)fedoraproject.org>
Fedora Project Leader