#262 184 - NSS loads p11-kit modules by default
Merged 3 years ago by pbokoc. Opened 3 years ago by pbokoc.
fedora-docs/ pbokoc/release-notes f29  into  f29

@@ -3,3 +3,11 @@ 



  = Security


+ == NSS loads p11-kit modules by default


+ Fedora provides a mechanism to configure PKCS#11 modules system wide, allowing crypto libraries (GnuTLS and OpenSSL) to use PKCS#11 modules in a consistent manner.

+ Until now, NSS applications haven't benefited from it as NSS uses a different configuration mechanism which requires users to register PKCS#11 modules in NSS databases.

+ Fedora 29 makes this manual procedure unnecessary by registering the `p11-kit-proxy` module (system PKCS#11 module aggregator) in NSS databases with the default configuration.

+ This allows NSS applciations to use PKCS#11 modules the same as other crypto libraries, enabling consistency in PKCS#11 driver registration across the system.

+ Consequently, users will see improvements in smart card and hardware security module (HSM) use in Fedora.

Pull-Request has been merged by pbokoc

3 years ago