On Tue, 2018-06-05 at 16:34 -0400, John Florian wrote: > On 06/05/2018 12:25 PM, Tomas Mraz wrote: > > On Tue, 2018-06-05 at 16:11 +0000, Christian Stadelmann wrote: > > > "Fallback option" always smells like "protocol downgrade attack". > > > This would undermine the idea of a crypto policy. Anyway, > > > implementing it seems way out of scope for the crypto policy. > > > > Yes, a fallback option is a no-way. You can switch the system > > policy to > > LEGACY, however that does not necessarily mean that some very old > > legacy HW will start to work with Firefox or another web browser, > > because with newer versions of the browsers and newer versions of > > TLS/crypto libraries some very old and insecure algorithm and > > protocol > > support is being also removed. > > > > Makes sense, but what is the best way to deal with such old HW if > you're > stuck with it? I don't want to compromise my workstation for all my > normal needs just to deal with some ancient embedded https server, Isn't this what we are actually doing to fedora? We keep options which we know they are insecure in the default settings to achieve compatibility. This change is about switching to secure mode by default. regards, Nikos _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/JRLMUVA7DDDYWATWMQHMX2VSIP4F6GKB/
