Fedora has switch to system-wide default crypto policies for TLS and other crypto packages: https://fedoraproject.org/wiki/Packaging:CryptoPolicies https://fedoraproject.org/wiki/User:Nmav/FedoraCryptoPolicies As it is now Go applications don't respect the system policy, making them distinct from other system applications. If go uses a configuration to adjust TLS library behavior, please suggest a patch to crypto policies upstream [0] to generate such a file. If not please advise on the appropriate path to follow for go applications to behave similarly to other system applications. [This is a proposal for collaboration, please let me know whether that can be done in our current setup of Java and how, and if not, the steps that are required to achieve that goal] [0]. https://gitlab.com/nmav/fedora-crypto-policies/
Is there somewhere described the crypto policy in general terms? From first look this seems to be more fit for each individual package/project using Go stdlib, than stdlib itself(as it doesn't provide any facility to disable individual algorithms at runtime).
The idea is described in: https://gitlab.com/nmav/fedora-crypto-policies/blob/master/update-crypto-policies.8.txt https://fedoraproject.org/wiki/Changes/CryptoPolicy We want to be able to provide a default system policy which _all_ packages in the system respect.
This bug appears to have been reported against 'rawhide' during the Fedora 28 development cycle. Changing version to '28'.