On Thu, 2014-01-16 at 11:57 -0500, Hubert Kario wrote:
> > Hello,
> > I am working on a draft common crypto policy for Fedora. The idea is to
> > be able to set a security level for all TLS/SSL connections in a system
> > (which will of course allow the user to use any application-specific
> > overrides).
> > The draft change is at:
> > https://fedoraproject.org/wiki/Changes/CryptoPolicy
> > and is not submitted yet as I'd appreciate any comments, suggestions for
> > improvement or any help in implementing it. The current policy is
> > restricted to TLS and SSL libraries to have a manageable work effort but
> > the idea is to convert gradually all crypto applications and libraries.
>
> Order of cipher suites is just as important as which ones are enabled.

Hello Hubert,
Indeed, an ordered list was meant and I've clarified that.

> "minimum acceptable size of parameters" is missing ECDHE, and I'm assuming
> that by DH you mean ephemeral version of it. Specifying it explicitly may
> be a good idea.

updated.

regards,
Nikos

--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security