Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 907165 Details for
Bug 1107633
System-wide crypto policy
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
Patch adding CryptoPolicy text
Added-CryptoPolicy_feature.patch (text/plain), 4.99 KB, created by
Eric Christensen
on 2014-06-10 11:23:38 UTC
(
hide
)
Description:
Patch adding CryptoPolicy text
Filename:
MIME Type:
Creator:
Eric Christensen
Created:
2014-06-10 11:23:38 UTC
Size:
4.99 KB
patch
obsolete
>From fbd5d9f0dc061871cf40207944fd5dcf59cf1e7d Mon Sep 17 00:00:00 2001 >From: Eric H Christensen <sparks@redhat.com> >Date: Fri, 28 Feb 2014 13:47:43 -0500 >Subject: [PATCH 1/2] Added CryptoPolicy feature > >--- > en-US/Encryption.xml | 6 ++++++ > 1 file changed, 6 insertions(+) > >diff --git a/en-US/Encryption.xml b/en-US/Encryption.xml >index cb8fa28..9899e80 100644 >--- a/en-US/Encryption.xml >+++ b/en-US/Encryption.xml >@@ -68,4 +68,10 @@ AuthorizedKeysFile .ssh/authorized_keys</screen>The first line tells the SSH pro > <xi:include href="7_Zip.xml" xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include> > <xi:include href="Using_GPG.xml" xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include> > </section> >+ <section id="Security_Guide-Encryption-CryptoPolicy"> >+ <title>Crypto Policy</title> >+ <para>Beginning in Fedora 21, a system-wide crypto policy will be available for users to quickly setup the cryptographic options for their systems. Users that must meet certain cryptographic standards can make the policy change in two place, <filename>/usr/lib/crypto-profiles/config</filename> and <filename>/etc/crypto-profiles/config</filename> and all ciphers used on the system should meet the policy requirements.</para> >+ <para>Some of the options include LEVEL-80, LEVEL-112, LEVEL-128, LEVEL-256, or ENISA-LEGACY, ENISA-FUTURE, SUITEB-128, SUITEB-256. The current proposal only affects SSL/TLS settings, including elliptic curve, signature hash functions, and ciphersuites and key sizes.</para> >+ <para>Additional information on this new feature can be found on the <ulink url="https://fedoraproject.org/wiki/Changes/CryptoPolicy">CryptoPolicy Changes wiki page</ulink>.</para> >+ </section> > </chapter> >-- >1.9.3 > > >From 4e5cdf3ba2c32e2c5ce5f4953546d6b0b0500648 Mon Sep 17 00:00:00 2001 >From: Eric H Christensen <sparks@redhat.com> >Date: Tue, 10 Jun 2014 07:19:45 -0400 >Subject: [PATCH 2/2] Updated CryptoPolicy text to latest from developer. > >--- > en-US/Encryption.xml | 13 +++++++------ > 1 file changed, 7 insertions(+), 6 deletions(-) > >diff --git a/en-US/Encryption.xml b/en-US/Encryption.xml >index 9899e80..2331044 100644 >--- a/en-US/Encryption.xml >+++ b/en-US/Encryption.xml >@@ -64,14 +64,15 @@ AuthorizedKeysFile .ssh/authorized_keys</screen>The first line tells the SSH pro > <para>Similarly to passwords and any other authentication mechanism, you should change your <application>SSH</application> keys regularly. When you do make sure you clean out any unused key from the authorized_key file.</para> > </section> > </section> >+ <section id="Security_Guide-Encryption-CryptoPolicy"> >+ <title>Crypto Policy</title> >+ <para>Beginning in Fedora 21, a system-wide crypto policy will be available for users to quickly setup the cryptographic options for their systems. Users that must meet certain cryptographic standards can make the policy change in <filename>/etc/crypto-policies/config</filename>, and run update-crypto-policies. At this point applications that are utilize the default set of ciphers in the GnuTLS and OpenSSL libraries will follow the policy requirements.</para> >+ <para>The available options are: (1) <literal>LEGACY</literal>, which ensures compatibility with legacy systems - 64-bit security, (2) <literal>DEFAULT</literal>, a reasonable default for today's standards - 80-bit security, and (3) <literal>FUTURE</literal>, a conservative level that is believed to withstand any near-term future attacks - 128-bit security. These levels affect SSL/TLS settings, including elliptic curve, signature hash functions, and ciphersuites and key sizes.</para> >+ <para>Additional information on this new feature can be found on the <ulink url="https://fedoraproject.org/wiki/Changes/CryptoPolicy">CryptoPolicy Changes wiki page</ulink>.</para> >+ </section> >+ > <xi:include href="LUKSDiskEncryption.xml" xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include> > <xi:include href="7_Zip.xml" xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include> > <xi:include href="Using_GPG.xml" xmlns:xi="http://www.w3.org/2001/XInclude"></xi:include> > </section> >- <section id="Security_Guide-Encryption-CryptoPolicy"> >- <title>Crypto Policy</title> >- <para>Beginning in Fedora 21, a system-wide crypto policy will be available for users to quickly setup the cryptographic options for their systems. Users that must meet certain cryptographic standards can make the policy change in two place, <filename>/usr/lib/crypto-profiles/config</filename> and <filename>/etc/crypto-profiles/config</filename> and all ciphers used on the system should meet the policy requirements.</para> >- <para>Some of the options include LEVEL-80, LEVEL-112, LEVEL-128, LEVEL-256, or ENISA-LEGACY, ENISA-FUTURE, SUITEB-128, SUITEB-256. The current proposal only affects SSL/TLS settings, including elliptic curve, signature hash functions, and ciphersuites and key sizes.</para> >- <para>Additional information on this new feature can be found on the <ulink url="https://fedoraproject.org/wiki/Changes/CryptoPolicy">CryptoPolicy Changes wiki page</ulink>.</para> >- </section> > </chapter> >-- >1.9.3 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=907165">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1107633
: 907165