The following table helps track the status of System wide crypto policies deployment within Fedora. The current deployment is restricted on SSL/TLS libraries, but the greater idea is to extend them to all applications which involve crypto. If you believe some existing crypto subsystem can benefit of them, contact me or open an issue in [1] for it.
Functionality | Software involved | Tracker bugs | Planned for | Status |
---|---|---|---|---|
SSL/TLS | gnutls | https://bugzilla.redhat.com/show_bug.cgi?id=1179209 | F21 (selected packages), F22 | Full policy support |
openssl | https://bugzilla.redhat.com/show_bug.cgi?id=1179209 | F21 (selected packages), F22 | Partial policy support (ciphersuites only) using custom patch.
There is Upstream bug for incorporation. More complete support planned after upstream includes the proposed changes. | |
NSS | https://bugzilla.redhat.com/show_bug.cgi?id=1157720 | F?? | Under upstream review | |
Java | ||||
SSH | openssh | |||
Kerberos | ||||
DNSSEC | BIND | https://bugzilla.redhat.com/show_bug.cgi?id=1179925 | F23 | Ongoing work |