F23 System Wide Change: Disable SSL3 and RC4 by default
Debarshi Ray
rishi.is at lostca.se
Wed May 6 16:30:04 UTC 2015
On Tue, Apr 28, 2015 at 04:51:32PM +0200, Nikos Mavrogiannopoulos wrote:
> The plan is to allow re-enabling by switching the system to legacy
> crypto policy. That would work for RC4. For SSL 3.0, since OpenSSL
> doesn't provide knobs to enable or disable on runtime, that will not be
> possible. However, according to Tomas Mraz openssl already disables SSL
> 3.0 in F22, and there were no major issues reported so that would be no
> issue.
Could you please clarify it in the "Upgrade/compatibility impact" part
of the change proposal? The current text is cryptic and having some
clear information about this plan will be useful.
Thanks,
Debarshi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20150506/e2b7cc2b/attachment.sig>
More information about the devel
mailing list