Hello, I plan to submit the following text for packaging guidelines regarding crypto policies. Are there any comments or suggestions? Since Fedora 21 (http://fedoraproject.org/wiki/Changes/CryptoPolicy) there are policies for the usage of SSL and TLS cryptographic protocols that are enforced system-wide. Each application being added in Fedora must be checked to comply with the policies. Currently the policies are restricted to applications using GnuTLS and OpenSSL. * OpenSSL applications: If the application provides a configuration file that allows to modify the cipher list string, ensure that the default is "PROFILE=SYSTEM". Otherwise, if the application doesn't have a configuration file, ensure that there is no default cipher list specified, or that the default list is set as "PROFILE=SYSTEM". * GnuTLS applications: If the application provides a configuration file that allows to modify the cipher priority string, ensure that the default is "@SYSTEM". Otherwise, if the application doesn't have a configuration file, ensure that it uses gnutls_set_default_priority(), or that the default priority string is "@SYSTEM". Applications utilizing other cryptographic libraries do not adhere to the system wide crypto policies. regards, Nikos -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
