F21 System Wide Change: System-wide crypto policy
Omair Majid
omajid at redhat.com
Fri Feb 28 17:45:06 UTC 2014
* Jaroslav Reznik <jreznik at redhat.com> [2014-02-27 11:25]:
> = Proposed System Wide Change: System-wide crypto policy =
> https://fedoraproject.org/wiki/Changes/CryptoPolicy
>
> An idea of how this will be implemented is to have each Fedora
> application's configuration file or compilation option will set a
> system default option. That is for example for applications that use
> GnuTLS or OpenSSL a priority string or cipher named "SYSTEM". Then
> the shipped library will make sure that once the "SYSTEM" option is
> encountered the preconfigured system settings will be applied.
> == Scope ==
> There are changes required in GnuTLS, OpenSSL and NSS libraries. On a second
> phase non-SSL crypto libraries could use these settings.
What about applications that do not use GnuTLS, OpenSSL and NSS? I
believe both OpenJDK and Bouncy Castle fall under this category.
Thanks,
Omair
--
PGP Key: 66484681 (http://pgp.mit.edu/)
Fingerprint = F072 555B 0A17 3957 4E95 0056 F286 F14F 6648 4681
More information about the devel
mailing list