It was reported that kdelibs and qt libraries support insecure cipher suites. SUSE bug: https://bugzilla.suse.com/show_bug.cgi?id=865241
Created kdelibs tracking bugs for this issue: Affects: fedora-all [bug 1325325]
Created qt3 tracking bugs for this issue: Affects: fedora-all [bug 1325329]
Created qt tracking bugs for this issue: Affects: fedora-all [bug 1325328]
Created kdelibs3 tracking bugs for this issue: Affects: fedora-all [bug 1325326] Affects: epel-7 [bug 1325327]
Is it possible to take this approach, https://fedoraproject.org/wiki/Changes/CryptoPolicy ... In OpenSSL the cipher string "PROFILE=SYSTEM" will be used to specify the system ciphers. Any applications not explicitly specifying ciphers will use the system ciphers. Per https://fedoraproject.org/wiki/Packaging:CryptoPolicies I'd looked before, but didn't see any place where any explicit call to SSL_CTX_set_cipher_list was made, so I naively assumed things were OK by default. So, maybe consider adding some SSL_CTX_set_cipher_list call (somewhere?) to address this? (Sorry, I'd commented on the qt one specifically before noticing this top-level tracker.)
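Added example, not part of the thread and not kdelibs or Qt code: one way to check what a cipher string such as "PROFILE=SYSTEM" or "DEFAULT" expands to on the local OpenSSL build and whether RC4 or similar suites are among the results. The function names and the weak-token list beyond RC4 are assumptions of this example, and the sample list is constructed.

```python
import ssl

# Name tokens treated as weak. RC4 is the one named in this report; the
# others are this example's assumption of a reasonable baseline.
WEAK_TOKENS = {"RC4", "RC2", "DES", "NULL", "EXP", "MD5", "ADH", "AECDH"}

# Constructed sample, shaped like the dicts SSLContext.get_ciphers() returns.
SAMPLE = [
    {"name": "ECDHE-RSA-AES128-GCM-SHA256"},
    {"name": "RC4-SHA"},
    {"name": "ECDHE-RSA-RC4-SHA"},
    {"name": "EXP-RC4-MD5"},
    {"name": "TLS_AES_256_GCM_SHA384"},
]


def weak_ciphers(ciphers):
    """Return [(suite name, sorted weak tokens)] for each weak entry."""
    findings = []
    for entry in ciphers:
        # OpenSSL suite names are '-'-separated, e.g. ECDHE-RSA-RC4-SHA.
        hits = WEAK_TOKENS.intersection(entry["name"].upper().split("-"))
        if hits:
            findings.append((entry["name"], sorted(hits)))
    return findings


def audit_cipher_string(cipher_string):
    """Expand cipher_string with the local OpenSSL and list weak suites.

    Returns None when this OpenSSL build rejects the string, which is the
    expected outcome for "PROFILE=SYSTEM" on a build without crypto-policy
    support.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)  # wraps SSL_CTX_set_cipher_list
    except ssl.SSLError:
        return None
    return weak_ciphers(ctx.get_ciphers())


if __name__ == "__main__":
    print("constructed sample:", weak_ciphers(SAMPLE))
    for spec in ("PROFILE=SYSTEM", "DEFAULT", "ECDHE+AESGCM"):
        print(spec, "->", audit_cipher_string(spec))
```
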
To which version of Fedora does this bug report apply? SSL 3.0 and RC4 were removed in Fedora 23. https://fedoraproject.org/wiki/Changes/RemoveSSL3andRc4
(In reply to Nikos Mavrogiannopoulos from comment #9)
> To which version of fedora does this bug report apply. SSL 3.0 and RC4 were
> removed in Fedora 23.
>
> https://fedoraproject.org/wiki/Changes/RemoveSSL3andRc4

It's Fedora 22.
Then I do not see any security vulnerability. Please upgrade to Fedora 23.