https://bugzilla.redhat.com/show_bug.cgi?id=2182151

--- Comment #25 from Jeff Layton <jlayton@xxxxxxxxxx> ---
This is a reasonable request, but it'll take a bit longer:

FIX: The daemon does not respect distribution-wide crypto policies. It enables algorithms in tlshd_make_priorities_string() based on what Linux supported at build time of this package. Ideally the daemon should consult crypto policy <https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/> and only enable a disjunction of what Linux offers and what user-space crypto policy mandates. Please contact <security@xxxxxxxxxxxxxxxxxxxxxxx> for help. There is a possibility that Linux already does that in another way. Please get a crypto review from the security team on that mailing list.

For this, I think we need to vet each cipher and only enable the ones that are in the current priority list. That might be doable via gnutls_priority_cipher_list(3) but I'll need to experiment.
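
The vetting step discussed in the comment above, as an added example (not code from the daemon or from this bug): a cipher is enabled only if the kernel offered it at build time and its id appears in the list the active priority set reports. The struct, function names and cipher ids are hypothetical; in a real daemon the policy array and count would come from gnutls_priority_cipher_list(3) rather than the constructed sample.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical candidate: priority-string name, library cipher id, and
 * whether the kernel headers offered the cipher at package build time. */
struct candidate { const char *name; unsigned int id; int kernel_has; };
/* Constructed sample data; ids are placeholders, not GNUTLS_CIPHER_* values. */
static const struct candidate sample_kernel[] = {
	{ "AES-256-GCM", 1, 1 },
	{ "AES-128-GCM", 2, 1 },
	{ "CHACHA20-POLY1305", 3, 1 },
	{ "AES-128-CCM", 4, 0 },	/* kernel did not offer this one */
};
static const unsigned int sample_policy[] = { 1, 2, 4 };	/* policy omits id 3 */

/* policy/n: the id array and count gnutls_priority_cipher_list() hands back. */
static int policy_allows(const unsigned int *policy, size_t n, unsigned int id)
{
	for (size_t i = 0; i < n; i++)
		if (policy[i] == id)
			return 1;
	return 0;
}

/* Write "+NAME:+NAME" for ciphers in BOTH sets. Returns the number enabled
 * (0 means nothing usable: fail closed) or -1 if buf is too small. */
int vet_ciphers(const struct candidate *c, size_t nc,
		const unsigned int *policy, size_t np, char *buf, size_t len)
{
	size_t used = 0;
	int enabled = 0;
	if (len == 0)
		return -1;
	buf[0] = '\0';
	for (size_t i = 0; i < nc; i++) {
		if (!c[i].kernel_has || !policy_allows(policy, np, c[i].id))
			continue;
		int w = snprintf(buf + used, len - used, "%s+%s",
				 enabled ? ":" : "", c[i].name);
		if (w < 0 || (size_t)w >= len - used) {
			buf[0] = '\0';
			return -1;
		}
		used += (size_t)w;
		enabled++;
	}
	return enabled;
}
```

With the sample data, CHACHA20-POLY1305 is dropped because the policy list omits it, and AES-128-CCM is dropped because the kernel never offered it.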