On Wed, 2015-01-07 at 09:18 +0100, Petr Spacek wrote: > > Currently it contains bugs filled against openssl and gnutls > > applications in Fedora. If you use some application which utilizes > > SSL/TLS and isn't included in the tracker feel free to request it use > > the policy, and include a link to the bug report in the tracker. > > > > The tracker also contains a dependency on NSS respecting the system > > crypto policy: https://bugzilla.redhat.com/show_bug.cgi?id=1157720 > > I wonder what is your plan moving forward. Is it going to be 'TLS policy'? Or > are you planning to generalize it in future? The greater plan was to apply to all crypto protocol apps. That depends of course on turning various non-compatible knobs on different software. My plan is to extend the policies step by step, but if you or anyone else would feel like extending it now to an application or protocol he/she uses, feel free. I've put a tracker page at: https://fedoraproject.org/wiki/User:Nmav/FedoraCryptoPolicies > E.g. DNSSEC-related software can be configured which algorithm list and key > sizes too. I guess that the same applies to GnuPG. The difficult part as I see it now is having each application/library involved get its settings from a preconfigured file that is automatically generated. If that is straightforward then only a translation from existing three policies (LEGACY, DEFAULT, FUTURE), to the application's format is needed. regards, Nikos -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
