From Fedora Project Wiki

(15 intermediate revisions by 5 users not shown)
Line 1: Line 1:
== Crypto Policy ==
<para>Beginning in Fedora 21, a system-wide crypto policy will be available for users to quickly setup the cryptographic options for their systems.  Users that must meet certain cryptographic standards can make the policy change in <filename>//etc/crypto-policies/config</filename>, and run update-crypto-policies. At this point applications that utilize the default set of ciphers in the GnuTLS and OpenSSL libraries will follow the policy requirements.</para>
<para>The available options are: (1) <literal>LEGACY</literal>, which ensures compatibility with legacy systems - 64-bit security, (2) <literal>DEFAULT</literal>, a reasonable default for today's standards - 80-bit security, and (3) <literal>FUTURE</literal>, a conservative level that is believed to withstand any near-term future attacks - 128-bit security.  These levels affect SSL/TLS settings, including elliptic curve, signature hash functions, and ciphersuites and key sizes.</para>
<para>Additional information on this new feature can be found on the <ulink url="">CryptoPolicy Changes wiki page</ulink>.</para>
== systemd PrivateDevices and PrivateNetwork ==
Fedora is now more secure, as many long-running '''systemd''' services now run with physical device access and/or network access turned off. See [] (NOTE:xref)
== Format Security ==
Starting with Fedora 21, all packages built by GCC will compile with the flag *-Werror=format-security* .  While this change has no user-visible change, it represents a substantial effort by Fedora packagers to protect your system from an entire class of vulnerability.
You can learn more about the security issues mitigated by Fedora's defensive security practices at
[[Category:Docs Project]]
[[Category:Docs Project]]
[[Category:Draft documentation]]
[[Category:Draft documentation]]
[[Category:Documentation beats]]
[[Category:Documentation beats]]

Latest revision as of 01:33, 20 September 2016

DocsProject Header docTeam1.png

Beat Closed on Wiki
Work on beats has now moved to git at If you have changes or additions, please contact the docs team via #fedora-docs,, or with the release-notes BZ component.