Bug 1108597

Summary: Use the system crypto policy unless otherwise specified
Product: [Fedora] Fedora
Reporter: Nikos Mavrogiannopoulos <nmavrogi>
Component: lftp
Assignee: Jiri Skala <jskala>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: rawhide
CC: aglotov, jskala, pertusus
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2014-07-08 10:21:05 UTC
Type: Bug
Bug Blocks: 1076390

Description Nikos Mavrogiannopoulos 2014-06-12 10:01:38 UTC
Please convert to use the system's crypto policy for SSL and TLS:
https://fedoraproject.org/wiki/Changes/CryptoPolicy#Scope

If this program is compiled against gnutls, change the default priority string to be "@SYSTEM" or to use gnutls_set_default_priority().

If this program is compiled against openssl, and there is no default cipher list specified, you don't need to modify it. Otherwise replace the default cipher list with "PROFILE=SYSTEM".

If this program obtains its cipher list (or priority) using a configuration file, please update the shipped configuration files with the appropriate string that sets the system policy.

In all cases please verify (as described in the URL above) that the application uses the system's crypto profiles.

Comment 1 Nikos Mavrogiannopoulos 2014-07-04 10:57:54 UTC
A quick reminder: this is a blocker for #1076390. If you have no resources to pursue that, please contact me.

Comment 2 Jiri Skala 2014-07-08 10:21:05 UTC
lftp is built with gnutls and the function gnutls_set_default_priority() is called in the function lftp_ssl_gnutls() of source file lftp_ssl.cc.
lftp doesn't define an option to set ciphers explicitly.

With respect to the information above, I'm going to close the bug with the status 'notabug'.
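
The source check that Comment 2 describes, generalized to the GnuTLS and OpenSSL cases listed in the description, as an added example that is not part of the bug report or of lftp. The `SAMPLE` input is constructed, the `audit` and `strip_comments` helpers are hypothetical names, and the scan is a static text match only, so it does not replace the runtime verification described at the wiki URL.

```python
import re

# Calls that take an explicit priority/cipher string, mapped to the literal
# that defers to the system policy according to the bug description.
STRING_CALLS = {
    "gnutls_priority_set_direct": "@SYSTEM",
    "gnutls_priority_init": "@SYSTEM",
    "SSL_CTX_set_cipher_list": "PROFILE=SYSTEM",
    "SSL_set_cipher_list": "PROFILE=SYSTEM",
}
CALL_RE = re.compile(r"\b(gnutls_set_default_priority|"
                     + "|".join(STRING_CALLS) + r")\s*\(([^)]*)\)")
LITERAL_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')

# Constructed sample input; this is not lftp's source.
SAMPLE = r'''
gnutls_set_default_priority(session);
// gnutls_priority_set_direct(session, "NORMAL:-VERS-TLS1.0", NULL);
gnutls_priority_set_direct(session, "NORMAL:%COMPAT", NULL);
gnutls_priority_init(&cache, "@SYSTEM", NULL);
SSL_CTX_set_cipher_list(ctx, "PROFILE=SYSTEM");
SSL_CTX_set_cipher_list(ctx, "HIGH:!aNULL");
SSL_set_cipher_list(ssl, user_ciphers);
'''

def strip_comments(src):
    """Drop /* */ and // comments so commented-out calls are not counted.
    Simplification: a '//' inside a string literal is treated as a comment."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def audit(src):
    """Return (function, verdict, detail) for each TLS policy call found."""
    findings = []
    for m in CALL_RE.finditer(strip_comments(src)):
        func, args = m.group(1), m.group(2)
        lit = LITERAL_RE.search(args)
        if func == "gnutls_set_default_priority":
            findings.append((func, "system", "library default priority"))
        elif lit is None:
            findings.append((func, "review", "string is not a literal"))
        elif lit.group(1) == STRING_CALLS[func]:
            findings.append((func, "system", lit.group(1)))
        else:
            findings.append((func, "override", lit.group(1)))
    return findings

if __name__ == "__main__":
    for func, verdict, detail in audit(SAMPLE):
        print(f"{verdict:8} {func}: {detail}")
```

An empty result for an OpenSSL program corresponds to the "no default cipher list specified" case in the description, where no change is needed; a `review` verdict means the string comes from a variable or configuration file and has to be traced by hand.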