This is an automated email from the git hooks/post-receive script.
immanetize pushed a commit to branch f26
in repository release-notes.
commit ad11dcdc8ee202074c88c25b951e1d0797acbad5
Author: Pete Travis <immanetize(a)fedoraproject.org>
Date: Fri Jun 30 19:01:17 2017 -0500
Java system wide crypto
---
en-US/Security.xml | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/en-US/Security.xml b/en-US/Security.xml
index e149478..770af8d 100644
--- a/en-US/Security.xml
+++ b/en-US/Security.xml
@@ -23,13 +23,22 @@
With Fedora 26, two more things will use the system-wide crypto policy,
<systemitem>OpenSSH</systemitem> and
<systemitem>Java</systemitem>.
</para>
<formalpara>
- <title>OpenSSH Crypt</title>
+ <title>OpenSSH Crypto</title>
<para>
OpenSSH clients will use system preferred key exchange algorithms, encryption
ciphers, and message authentication code (MAC) algorithms.
This is enabled by an <literal>Include</literal> directive in
<filename>/etc/ssh/ssh_config</filename> to include directives in
<filename>/etc/ssh/ssh_config.d/*.conf</filename>, which pulls in
<filename>/etc/crypto-policies/back-ends/openssh.config</filename>.
</para>
</formalpara>
+ <formalpara>
+ <title>Java Crypto</title>
+ <para>
+ OpenJDK has been modified to read additional security properties from the
generated crypto policies file at
<filename>/etc/crypto-policies/back-ends/java.config</filename>
+ </para>
+ </formalpara>
+ <para>
+ This change may affect connections to legacy systems that do not support more
strict crypto policies. While it is possible to switch the system profile from DEFAULT to
LEGACY, or to set <literal>security.useSystemPropertiesFile=false</literal> in
a project's <filename>java.security</filename> file (refer to <ulink
url="https://docs.oracle.com/javase/8/docs/technotes/guides/security...
/>), it would be best to also update legacy applications to modern security standards.
+ </para>
</section>
</section>
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.