On Wed, Sep 11, 2024 at 4:18 PM Sérgio Basto <sergio@xxxxxxxxxx> wrote:
>
> On 2015-12-14 this [1] was written. I don't see a way to work around it.
>
> [1]
> https://bugzilla.redhat.com/show_bug.cgi?id=1067697#c3
> I would view enabling EC curves smaller than 256 bits as a security
> regression. So I am wontfixing this bug.
>
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1067697#c4
> +1 to the WONTFIX
>
> They are too weak to support. And since most applications have no way
> to control which ones are enabled, we would need to enable them by
> default too, that would be a serious security regression (even 256 bit
> curves have a shadow of doubt on them).
>
> Enabling them will bring serious security issues with little to no
> additional compatibility.

I don't understand this argument. We're talking mostly about making
the build and maintenance of openssl easier. Even if these curves
would be considered "too weak", they would just not be enabled in the
default crypto policy.

Fabio
--
_______________________________________________
legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx