1179315 – Utilize system-wide crypto-policies

Bug 1179315 - Utilize system-wide crypto-policies

Summary: Utilize system-wide crypto-policies

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	libvirt
Sub Component:
Version:	21
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Libvirt Maintainers
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	fedora-crypto-policies
TreeView+	depends on / blocked

Reported:	2015-01-06 14:57 UTC by Nikos Mavrogiannopoulos
Modified:	2015-09-21 22:23 UTC (History)
CC List:	10 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-09-21 22:23:38 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Nikos Mavrogiannopoulos 2015-01-06 14:57:29 UTC

Please convert this application to use the system's crypto policy for SSL and TLS:
https://fedoraproject.org/wiki/Packaging:CryptoPolicies

If this program is compiled against gnutls, change the default priority string to be "@SYSTEM" or to use gnutls_set_default_priority().

If this program is compiled against openssl, and there is no default cipher list specified, you don't need to modify it. Otherwise replace the default cipher list with "PROFILE=SYSTEM".

In both cases please verify that the application uses the system's crypto policies.

If the package is already using the system-wide crypto policies, or it does not use SSL or TLS, no action is required, the bug can simply be closed.

Comment 1 Cole Robinson 2015-09-21 22:23:38 UTC

Libvirt has used gnutls_set_default_priority since 2011. And we don't directly use the openssl API, so I think we are fine here.

Note You need to log in before you can comment on or make changes to this bug.