Re: F37 Proposal: Strong crypto settings: phase 3, forewarning 1/2 (System-Wide Change proposal)
On 5/2/22 08:56, Ian Pilcher wrote:
IMO, there's a rather desperate need to be able to override the system- wide policy for individual processes, maybe via some sort of wrapper around one of the containerization technologies.
Just FYI, I managed to bang out a proof of concept of a "wrapper" that runs a program with a different crypto policy. I've successfully used it to connect to a TLSv1-only HTTP server with both Firefox and curl on a Fedora 36 system running the DEFAULT crypto policy.
https://bugzilla.redhat.com/show_bug.cgi?id=2064740#c8
On 5/23/22 08:49, Ian Pilcher wrote:
Just FYI, I managed to bang out a proof of concept of a "wrapper" that runs a program with a different crypto policy. I've successfully used it to connect to a TLSv1-only HTTP server with both Firefox and curl on a Fedora 36 system running the DEFAULT crypto policy.
Wrong list. Apologies.
-
Ian Pilcher