Bug 1166526

Summary: disable SSL 3.0 from the DEFAULT level
Product: [Fedora] Fedora Reporter: Nikos Mavrogiannopoulos <nmavrogi>
Component: crypto-policiesAssignee: Nikos Mavrogiannopoulos <nmavrogi>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 21CC: collura, fedora, nmavrogi, vkaigoro
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-05-28 13:57:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1166571    

Description Nikos Mavrogiannopoulos 2014-11-21 07:38:17 UTC 
The "DEFAULT" profile of crypto-policies includes SSL 3.0, and given the recent severity of the POODLE attack, it should be disabled by default. That is because software using the fallback dance is impossible to protect without disabling it.
Comment 1 Fedora Blocker Bugs Application 2014-11-21 07:42:18 UTC 
Proposed as a Freeze Exception for 21-final by Fedora user nmav using the blocker tracking app because:

 Given the severity of the poodle attack it is a good idea to update the default policies to remove SSL 3.0 support.
Comment 2 Nikos Mavrogiannopoulos 2014-11-21 10:29:50 UTC 
*** Bug 1165711 has been marked as a duplicate of this bug. ***
Comment 3 Nikos Mavrogiannopoulos 2014-11-21 10:33:47 UTC 
No longer a blocker for F21 as it has side-effects #1166571. Probably this change should be delayed for F22.
Comment 4 Nikos Mavrogiannopoulos 2014-11-25 12:14:27 UTC 
*** Bug 1153830 has been marked as a duplicate of this bug. ***
Comment 5 Nikos Mavrogiannopoulos 2015-05-28 13:57:19 UTC 

*** This bug has been marked as a duplicate of bug 1220679 ***