System-wide crypto policy transition tracker
Christopher
ctubbsii-fedora at apache.org
Tue Jan 6 17:16:26 UTC 2015
On Tue, Jan 6, 2015 at 10:20 AM, Nikos Mavrogiannopoulos <nmav at redhat.com>
wrote:
> Hello,
> I've created a transition tracker to system-wide crypto policy at:
> https://bugzilla.redhat.com/show_bug.cgi?id=1179209
>
> Currently it contains bugs filled against openssl and gnutls
> applications in Fedora. If you use some application which utilizes
> SSL/TLS and isn't included in the tracker feel free to request it use
> the policy, and include a link to the bug report in the tracker.
>
> The tracker also contains a dependency on NSS respecting the system
> crypto policy: https://bugzilla.redhat.com/show_bug.cgi?id=1157720
>
> regards,
> Nikos
>
Are there any guidelines for enforcing crypto policies in Java applications.
Primarily, I was thinking about those Java applications that use JSSE
system properties or similar user-driven configuration to specify
keystores. Are those affected by this crypto policy at all?
Also, what about situations where SSL/TLS is off by default in the
application, but is an available as an optional feature, if the user
configures it? Since users are obliged to configure it, it seems there's
not much for a packager to do in those situations, because that depends on
the user's configuration, right?
Thanks,
Christopher
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20150106/4eac71b1/attachment.html>
More information about the devel
mailing list