Re: F21 System Wide Change: System-wide crypto policy

On Thu, 2014-02-27 at 08:42 -0800, Toshio Kuratomi wrote:
> > After that the administrator should be assured that any application
> > that uses the system settings will follow a policy that adheres to
> > the configured profile.
> > Ideally setting a profile should be setting:
> > * the acceptable TLS/SSL (and DTLS) versions
> > * the acceptable ciphersuites and the preferred order
> > * acceptable parameters in certificates and key exchange, i.e.:
> > ** the minimum acceptable size of parameters (DH,ECDH,RSA,DSA,ECDSA)
> > ** the acceptable elliptic curves (ECDH,ECDSA)
> > ** the acceptable signature hash functions
> > * other TLS options such as:
> > ** safe renegotiation
> >
> Does this configuration limit the algorithms that are available or
> only the options that can be given to those algorithms or only the
> default values of those algorithms?

I'm not sure I fully understand the question. This configuration will
limit the available algorithms (e.g., will disable RC4), but it will
also limit some options of the algorithms (e.g., RSA using 1024 bits or
more - at least for the libraries that have support for such options).
Does this answer your question?

regards,
Nikos


-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
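
The distinction drawn in the reply above, between limiting which algorithms are available and limiting the options of the algorithms that remain, as an added example that is not part of the original message or of any Fedora tool. The profile layout, the function names and the sample suite list are assumptions made for illustration; only the RC4 and RSA 1024-bit examples come from the thread.

```python
# Hypothetical profile: field names and values are constructed for this example.
# Protocol versions are the (major, minor) pairs used on the wire:
# SSL 3.0 = (3, 0), TLS 1.0 = (3, 1), TLS 1.2 = (3, 3).
PROFILE = {
    "min_version": (3, 1),
    "banned_algorithms": {"RC4", "MD5", "NULL"},
    "min_bits": {"RSA": 1024, "DH": 1024, "DSA": 1024},
    "curves": {"secp256r1", "secp384r1"},
    "sig_hashes": {"SHA1", "SHA256", "SHA384", "SHA512"},
}

# Constructed application preference list (OpenSSL-style suite names).
APP_SUITES = [
    "ECDHE-RSA-AES128-GCM-SHA256",
    "RC4-SHA",
    "AES256-SHA",
    "RC4-MD5",
    "DHE-RSA-AES128-SHA",
]


def filter_suites(profile, suites):
    """Limit the available algorithms: drop any suite naming a banned
    algorithm, keeping the caller's preferred order for the rest."""
    banned = profile["banned_algorithms"]
    return [s for s in suites if not banned & set(s.split("-"))]


def check_peer(profile, version, key_alg, key_bits, sig_hash, curve=None):
    """Limit the options of allowed algorithms: return the list of
    violations for one peer's negotiated parameters (empty = acceptable)."""
    problems = []
    if version < profile["min_version"]:
        problems.append("protocol version below minimum")
    if curve is not None:
        # EC keys are judged by curve membership, not by a bit floor.
        if curve not in profile["curves"]:
            problems.append(f"curve {curve} not allowed")
    else:
        floor = profile["min_bits"].get(key_alg)
        if floor is None:
            problems.append(f"{key_alg} keys not allowed")
        elif key_bits < floor:
            problems.append(f"{key_alg} key of {key_bits} bits < {floor}")
    if sig_hash not in profile["sig_hashes"]:
        problems.append(f"signature hash {sig_hash} not allowed")
    return problems
```
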