Re: enforcing a consistent crypto policy

On Thu, 2014-01-16 at 11:57 -0500, Hubert Kario wrote:

> > Hello,
> >  I am working on a draft common crypto policy for Fedora. The idea is to
> > be able to set a security level for all TLS/SSL connections in a system
> > (which will of course allow the user to use any application-specific
> > overrides).
> > The draft change is at:
> > https://fedoraproject.org/wiki/Changes/CryptoPolicy
> > and is not submitted yet as I'd appreciate any comments, suggestions for
> > improvement or any help in implementing it. The current policy is
> > restricted to TLS and SSL libraries to have a manageable work effort but
> > the idea is to convert gradually all crypto applications and libraries.
> Order of cipher suites is just as important as which ones are enabled.

Hello Hubert,
 Indeed, an ordered list was meant and I've clarified that.

> "minimum acceptable size of parameters" is missing ECDHE, and I'm assuming
> that by DH you mean ephemeral version of it. Specifying it explicitly may
> be a good idea.

updated.

regards,
Nikos


--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security




