From Fedora Project Wiki
Description
Maybe you are developing your own application that might be using TLS/SSL or other crypto algorithms/protocols. What about updating and testing it with crypto-policies?
How to test
- see
man update-crypto-policies, sectionAPPLICATION SUPPORTif you use some of the system crypto libraries - specific software using TLS/SSL (vnc apps, cups server, rsyslog, mail software, ...)
- you can easily test own server app with openssl s_client, e.g.
server example:
- update-crypto-policies --set FUTURE
- <restart service>
- openssl s_client -tls1 -connect <HOST>:<PORT> # TLSv1.0 should not be accepted
- you can easily test own server app with openssl s_client, e.g.
- clients might be more problematic, feel free to discuss the approach with us on IRC
- ...
Expected Results
- Updates, questions and bugs.