Please convert this application to use the system's crypto policy for SSL and TLS: https://fedoraproject.org/wiki/Packaging:CryptoPolicies If this program is compiled against gnutls, change the default priority string to be "@SYSTEM" or to use gnutls_set_default_priority(). If this program is compiled against openssl, and there is no default cipher list specified, you don't need to modify it. Otherwise replace the default cipher list with "PROFILE=SYSTEM". In both cases please verify that the application uses the system's crypto policies. If the package is already using the system-wide crypto policies, or it does not use SSL or TLS, no action is required, the bug can simply be closed.
Hello, what is the blocker for that issue?
No strict blocker, mostly a lack of time to implement/verify this (so far).
I just updated libvncserver to the official 0.9.10 release and applied a patch [1] for this issue. Build is libvncserver-0.9.10-2 [2]. I'm no programmer, so please have a check before I submit the update. I'm not sure about rfbAnonTLSPriority. [1] http://pkgs.fedoraproject.org/cgit/libvncserver.git/tree/LibVNCServer-0.9.10-system-crypto-policy.patch [2] http://koji.fedoraproject.org/koji/packageinfo?packageID=5744 Thanks, --Simone
Hi, I am not sure if rfbTLSPriority and rfbAnonTLSPriority are used anywhere, but if yes, I'd use that: +static const char *rfbTLSPriority = "@SYSTEM:+SRP"; +static const char *rfbAnonTLSPriority= "@SYSTEM:+ANON-DH";
Seems legit. Thanks, I will leave it in testing for a couple of weeks.
libvncserver-0.9.10-3.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-b7c1fd61e1
libvncserver-0.9.10-3.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update libvncserver' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-9373473258
libvncserver-0.9.10-3.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update libvncserver' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-b7c1fd61e1
libvncserver-0.9.10-3.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
libvncserver-0.9.10-3.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.