F26 Self Contained Change: OpenSSH Crypto Policy (Client)

= Proposed Self Contained Change: OpenSSH Crypto Policy (Client) =
https://fedoraproject.org/wiki/Changes/OpenSSH_Crypto_Policy

Change owner(s):
* Jakub Jelen < jjelen AT redhat DOT com >

The OpenSSH client will follow the system-wide crypto policies already
followed by other cryptographic libraries and tools. It will allow the
use of different security levels defined system-wide.


== Detailed Description ==
Currently, the set of cryptographic algorithms used in OpenSSH is
defined by upstream and Fedora just inherits what upstream considers
secure. If there are special requirements for security, manual
modification of the configuration files is required, which also
prevents the package manager from updating the configuration file with
future updates and can possibly leave insecure algorithms enabled.

Since Fedora 25 we have the possibility to include configuration files
from the main ssh_config, which allowed us to include crypto policies
in the OpenSSH (client).

For more information about Crypto Policy, see the appropriate wiki
page Changes/CryptoPolicy describing the concept as a whole.


== Scope ==
* Proposal owners: The default OpenSSH configuration will include the
generated policy file containing the definition of system-wide enabled
algorithms. The include must come before any other options so user
changes would not unintentionally get used instead of the system-wide
policy. The policy preview is already available in the pull request on
GitHub [ https://github.com/nmav/fedora-crypto-policies/pull/8 ].

* Other developers: N/A (not a System Wide Change)

* Release engineering: N/A (not a System Wide Change)

* List of deliverables: N/A (not a System Wide Change)

* Policies and guidelines: N/A (not a System Wide Change)

* Trademark approval: N/A (not needed for this Change)
-- 
Jan Kuřík
Platform & Fedora Program Manager
Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
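
Why the position of the include matters, as an added example that is not part of the original message or of the Fedora package: ssh_config uses the first value obtained for each option, so the sketch below resolves a configuration in that order and reports policy settings that lost to an earlier line. The policy path, the sample file contents and the function names are constructed for illustration, and only the global section (before the first Host or Match line) is evaluated.

```python
import re

# Constructed placeholder: the page does not name the generated policy file.
POLICY = "/path/to/generated-openssh-policy.config"
# Constructed sample policy content, keyed by include path.
INCLUDES = {POLICY: "Ciphers aes256-gcm@openssh.com,aes256-ctr\n"
                    "MACs hmac-sha2-256-etm@openssh.com\n"}
# Constructed main configs: include first vs. include after a user option.
GOOD = f"Include {POLICY}\nCiphers 3des-cbc\n"
BAD = f"Ciphers 3des-cbc\nInclude {POLICY}\n"

def parse(text):
    """Yield (lowercased keyword, value) for each directive line."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts both "Keyword value" and "Keyword=value".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) == 2:
            yield parts[0].lower(), parts[1].strip()

def resolve(text, includes, origin="ssh_config", seen=None, shadowed=None):
    """Apply first-obtained-value-wins; return (effective, shadowed)."""
    seen = {} if seen is None else seen
    shadowed = [] if shadowed is None else shadowed
    for key, value in parse(text):
        if key in ("host", "match"):
            break  # assumption: per-host blocks are out of scope here
        if key == "include":
            for path in value.split():
                resolve(includes.get(path, ""), includes, path, seen, shadowed)
        elif key in seen:
            shadowed.append((key, value, origin))  # a later value is ignored
        else:
            seen[key] = (value, origin)
    return seen, shadowed

def policy_overrides(text, includes, policy=POLICY):
    """Map each policy option that was shadowed to the (value, origin) that won."""
    effective, shadowed = resolve(text, includes)
    return {k: effective[k] for k, _, origin in shadowed if origin == policy}

if __name__ == "__main__":
    print("include first:", policy_overrides(GOOD, INCLUDES))
    print("include late: ", policy_overrides(BAD, INCLUDES))
```
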