You can now test/use the crypto policy of future Fedora releases

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The current [0] crypto-policies in Rawhide contain additional policy
named as NEXT. You can switch the system to it as root via command:

update-crypto-policies --set NEXT

The difference to the current DEFAULT policy is that TLS versions 1.0
and 1.1 are disabled and the minimum key length of RSA keys and minimum
length of DH parameters are 2048 bits.

There is also a FUTURE policy which in addition to this limits also the
symmetric crypto key length to minimum of 256 bits. However as this
policy is not really useful as it does not provide post-quantum safety
for asymmetric algorithms it might be eventually dropped (aliased to
the NEXT policy).

[0] crypto-policies-20180802-1.git1626592.fc29

-- 
Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your
conscience.]
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/message/HCTK64OKDIOFCO542XPE45GREH22IGML/




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux