From Fedora Project Wiki


Revision as of 08:15, 8 August 2014 by Nmav

Enforce system crypto policies

Since Fedora 21 (http://fedoraproject.org/wiki/Changes/CryptoPolicy), policies governing the use of the SSL and TLS cryptographic protocols are enforced system-wide. Each application added to Fedora must be checked for compliance with these policies. Currently the policies apply only to applications using GnuTLS and OpenSSL.

  • OpenSSL applications: If the application provides a configuration file that allows the cipher list string to be modified, ensure that the default is "PROFILE=SYSTEM". Otherwise, if the application doesn't have a configuration file, ensure that no default cipher list is specified, or that the default list is set to "PROFILE=SYSTEM".
  • GnuTLS applications: If the application provides a configuration file that allows the cipher priority string to be modified, ensure that the default is "@SYSTEM". Otherwise, if the application doesn't have a configuration file, ensure that it uses gnutls_set_default_priority(), or that the default priority string is "@SYSTEM".

Applications utilizing other cryptographic libraries do not adhere to the system-wide crypto policies.
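
One way to run the two checks above over an application's C source during package review, as an added example that is not part of the original wiki page or a Fedora tool. It assumes the string is passed as the second argument of SSL_CTX_set_cipher_list(), SSL_set_cipher_list(), gnutls_priority_init() or gnutls_priority_set_direct(); the verdict names and the sample source are constructed for illustration.

```python
import re

# Expected default per call; the string is the second argument in each case.
EXPECTED = {
    "SSL_CTX_set_cipher_list": "PROFILE=SYSTEM",
    "SSL_set_cipher_list": "PROFILE=SYSTEM",
    "gnutls_priority_init": "@SYSTEM",
    "gnutls_priority_set_direct": "@SYSTEM",
}
# name ( first-arg , then a string literal or some other expression.
# Limitation: a first argument that itself contains a call is not matched.
CALL_RE = re.compile(
    r"\b(" + "|".join(EXPECTED) + r")\s*\(\s*[^,()]+,\s*"
    r'("(?:[^"\\]|\\.)*"|[^,)]+)'
)
DEFAULT_RE = re.compile(r"\bgnutls_set_default_priority\s*\(")

def review(source):
    """Return sorted (line, function, argument, verdict) tuples for one file."""
    def line_of(pos):
        return source.count("\n", 0, pos) + 1
    findings = []
    for m in CALL_RE.finditer(source):
        func, arg = m.group(1), m.group(2).strip()
        if not arg.startswith('"'):
            verdict = "check"      # variable or macro: trace its default by hand
        elif arg.strip('"') == EXPECTED[func]:
            verdict = "ok"         # follows the system-wide policy
        else:
            verdict = "hardcoded"  # overrides the system-wide policy
        findings.append((line_of(m.start()), func, arg, verdict))
    for m in DEFAULT_RE.finditer(source):
        findings.append((line_of(m.start()), "gnutls_set_default_priority", "", "ok"))
    return sorted(findings)

# Constructed sample source, not taken from any real package.
SAMPLE = '''\
SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL:!MD5");
SSL_CTX_set_cipher_list(ctx2, "PROFILE=SYSTEM");
gnutls_priority_set_direct(session, "NORMAL:-VERS-SSL3.0", NULL);
gnutls_priority_init(&cache, "@SYSTEM", NULL);
gnutls_set_default_priority(session2);
SSL_set_cipher_list(ssl, cfg->ciphers);
'''

if __name__ == "__main__":
    for line, func, arg, verdict in review(SAMPLE):
        print(f"{line}: {verdict:9} {func}({arg})")
```

A "check" verdict means the string comes from a variable, typically a configuration option, so the default value of that option still has to be compared against "PROFILE=SYSTEM" or "@SYSTEM" by hand.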