From bugzilla@redhat.com Thu Jun 4 22:41:21 2015
From: Red Hat Bugzilla
To: docs-qa@lists.fedoraproject.org
Subject: [Bug 1107633] New: System-wide crypto policy
Date: Tue, 10 Jun 2014 11:21:53 +0000
Message-ID:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============4744210756022702017=="

--===============4744210756022702017==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

https://bugzilla.redhat.com/show_bug.cgi?id=1107633

Bug ID: 1107633
Summary: System-wide crypto policy
Product: Fedora Documentation
Version: devel
Component: security-guide
Keywords: Documentation, ReleaseNotes
Assignee: sparks(a)redhat.com
Reporter: sparks(a)redhat.com
QA Contact: docs-qa(a)lists.fedoraproject.org
CC: hkario(a)redhat.com, jreznik(a)redhat.com,
    nmavrogi(a)redhat.com, pkennedy(a)redhat.com,
    security-guide-list(a)redhat.com, sparks(a)redhat.com,
    zach(a)oglesby.co
Depends On: 1076390

+++ This bug was initially created as a clone of Bug #1076390 +++

This is a tracking bug for Change: System-wide crypto policy
For more details, see: http://fedoraproject.org//wiki/Changes/CryptoPolicy

Unify the crypto policies used by different applications and libraries. That
is, allow setting a consistent security level for crypto on all applications
in a Fedora system. The implementation approach will be to initially modify
SSL libraries to respect the policy and gradually adding more libraries and
applications.

--- Additional comment from Eric Christensen on 2014-03-24 13:40:11 EDT ---

I wrote up something about this already (but can't find it) that can be used
in the Release Notes and Security Guide. As soon as I can lay my hands on it,
again, I'll post it for review.

--- Additional comment from Eric Christensen on 2014-03-24 14:40:25 EDT ---

This is the text I'd like to use for the Release Notes and Security Guide if
it looks good to the feature owner.

--- Additional comment from Nikos Mavrogiannopoulos on 2014-03-25 05:45:07 EDT ---

Let's not update the release notes and manual yet, as the details are not yet
fixed. I expect these to be fixed by the end of next month.

--- Additional comment from Nikos Mavrogiannopoulos on 2014-06-03 07:26:05 EDT ---

I've updated the proposed text for the release notes.

Crypto Policy

Beginning in Fedora 21, a system-wide crypto policy will be available for
users to quickly set up the cryptographic options for their systems. Users that
must meet certain cryptographic standards can make the policy change in
//etc/crypto-policies/config, and run update-crypto-policies. At this point
applications that utilize the default set of ciphers in the GnuTLS and
OpenSSL libraries will follow the policy requirements.

The available options are: (1) LEGACY, which ensures compatibility with legacy
systems - 64-bit security, (2) DEFAULT, a reasonable default for today's
standards - 80-bit security, and (3) FUTURE, a conservative level that is
believed to withstand any near-term future attacks - 128-bit security. These
levels affect SSL/TLS settings, including elliptic curve, signature hash
functions, and ciphersuites and key sizes.

Additional information on this new feature can be found on the CryptoPolicy
Changes wiki page.

--- Additional comment from Eric Christensen on 2014-06-03 11:58:18 EDT ---

(In reply to Nikos Mavrogiannopoulos from comment #4)

Awesome, thanks! I've added it to the Security Beat
(https://fedoraproject.org/wiki/Documentation_Security_Beat) and it should be
in the Release Notes for F21.

Referenced Bugs:

https://bugzilla.redhat.com/show_bug.cgi?id=1076390
[Bug 1076390] System-wide crypto policy
--
You are receiving this mail because:
You are the QA Contact for the bug.
--===============4744210756022702017==--

From bugzilla@redhat.com Thu Jun 4 22:41:21 2015
From: Red Hat Bugzilla
To: docs-qa@lists.fedoraproject.org
Subject: [Bug 1107633] System-wide crypto policy
Date: Fri, 27 Jun 2014 13:32:19 +0000
Message-ID:
In-Reply-To:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============5240571323975538019=="

--===============5240571323975538019==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

https://bugzilla.redhat.com/show_bug.cgi?id=1107633

Eric Christensen changed:

       What |Removed |Added
----------------------------------------------------------------------------
     Status |ON_QA   |CLOSED
 Resolution |---     |NEXTRELEASE
Last Closed |        |2014-06-27 09:32:19

--
You are receiving this mail because:
You are the QA Contact for the bug.

--===============5240571323975538019==--

From bugzilla@redhat.com Thu Jun 4 22:41:34 2015
From: Red Hat Bugzilla
To: docs-qa@lists.fedoraproject.org
Subject: [Bug 1107633] System-wide crypto policy
Date: Mon, 08 Dec 2014 15:22:34 +0000
Message-ID:
In-Reply-To:
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============7407588082767399059=="

--===============7407588082767399059==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

https://bugzilla.redhat.com/show_bug.cgi?id=1107633

Bug 1107633 depends on bug 1076390, which changed state.

Bug 1076390 Summary: System-wide crypto policy
https://bugzilla.redhat.com/show_bug.cgi?id=1076390

       What |Removed |Added
----------------------------------------------------------------------------
     Status |ON_QA   |CLOSED
 Resolution |---     |CURRENTRELEASE

--
You are receiving this mail because:
You are the QA Contact for the bug.

--===============7407588082767399059==--