From Fedora Project Wiki
No edit summary |
No edit summary |
||
| (18 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
The following table helps track the status of [ | The following table helps track the status of [[Changes/CryptoPolicy|System wide crypto policies]] deployment within Fedora. The current deployment is restricted on SSL/TLS libraries, but the greater idea is to extend them to all applications which involve crypto. If you believe some existing crypto subsystem can benefit of them, contact me or open an issue in [https://github.com/nmav/fedora-crypto-policies] for it. | ||
{| | {| | ||
! Functionality !! Software involved !! Tracker bugs !! Planned for !! Status | ! Functionality !! Software involved !! Tracker bugs !! Planned for !! Status | ||
|- | |- | ||
| SSL/TLS || gnutls || https://bugzilla.redhat.com/show_bug.cgi?id=1179209 || F21 | | SSL/TLS || gnutls || https://bugzilla.redhat.com/show_bug.cgi?id=1179209 || F21 || Completed | ||
|- | |- | ||
| || openssl || https://bugzilla.redhat.com/show_bug.cgi?id=1179209 || F21 | | || openssl || https://bugzilla.redhat.com/show_bug.cgi?id=1179209 || F21 || Partial policy support (ciphersuites only) using custom patch in F21. | ||
There is | There is [https://github.com/openssl/openssl/pull/192 Upstream bug for incorporation]. More complete support planned possibly with a downstream-only approach as upstream does not welcome such changes. Full support is planned for F29. | ||
|- | |- | ||
| || NSS || https://bugzilla.redhat.com/show_bug.cgi?id=1157720 || | | || NSS || https://bugzilla.redhat.com/show_bug.cgi?id=1157720 || F25 || Completed | ||
|- | |- | ||
| || Java || || || | | || Java || https://bugzilla.redhat.com/show_bug.cgi?id=1249083 || F25 || Completed in F26 | ||
|- | |- | ||
|SSH || openssh || || || | |SSH client || openssh || https://bugzilla.redhat.com/show_bug.cgi?id=1225752 || F25 || Completed | ||
|- | |- | ||
| | |SSH server|| openssh || https://fedoraproject.org/wiki/Changes/OpenSSH_Server_Crypto_Policy || F27 || Completed | ||
|- | |- | ||
|DNSSEC || BIND || https://bugzilla.redhat.com/show_bug.cgi?id=1179925 || F23 || | |Kerberos || krb5 || https://bugzilla.redhat.com/show_bug.cgi?id=1225792 || F24 || Completed (client side, KDC wontfix) | ||
|- | |||
|DNSSEC || BIND || https://bugzilla.redhat.com/show_bug.cgi?id=1179925 || F23 || Completed | |||
|} | |} | ||
Latest revision as of 08:39, 27 July 2018
The following table helps track the status of System wide crypto policies deployment within Fedora. The current deployment is restricted on SSL/TLS libraries, but the greater idea is to extend them to all applications which involve crypto. If you believe some existing crypto subsystem can benefit of them, contact me or open an issue in [1] for it.
| Functionality | Software involved | Tracker bugs | Planned for | Status |
|---|---|---|---|---|
| SSL/TLS | gnutls | https://bugzilla.redhat.com/show_bug.cgi?id=1179209 | F21 | Completed |
| openssl | https://bugzilla.redhat.com/show_bug.cgi?id=1179209 | F21 | Partial policy support (ciphersuites only) using custom patch in F21.
There is Upstream bug for incorporation. More complete support planned possibly with a downstream-only approach as upstream does not welcome such changes. Full support is planned for F29. | |
| NSS | https://bugzilla.redhat.com/show_bug.cgi?id=1157720 | F25 | Completed | |
| Java | https://bugzilla.redhat.com/show_bug.cgi?id=1249083 | F25 | Completed in F26 | |
| SSH client | openssh | https://bugzilla.redhat.com/show_bug.cgi?id=1225752 | F25 | Completed |
| SSH server | openssh | https://fedoraproject.org/wiki/Changes/OpenSSH_Server_Crypto_Policy | F27 | Completed |
| Kerberos | krb5 | https://bugzilla.redhat.com/show_bug.cgi?id=1225792 | F24 | Completed (client side, KDC wontfix) |
| DNSSEC | BIND | https://bugzilla.redhat.com/show_bug.cgi?id=1179925 | F23 | Completed |