#7998 Use system-wide crypto policy in TLS client
Closed: fixed 5 years ago by cheimes. Opened 5 years ago by cheimes.

Request for enhancement

Related to #7667, IPA should use the system-wide default settings for TLS ciphers. In the past IPA had to override the default settings because OpenSSL configured weak ciphers. This has changed with OpenSSL 1.0.2 and newer. The new defaults are safe.

On Fedora and RHEL 8, the default cipher suites are configured by the system-wide crypto policy. Currently only the Fedora platform uses the system-wide settings with additional modifications. On RHEL, the system-wide policy is ignored.


master:

  • b553448 Use system-wide crypto policy for TLS ciphers

Metadata Update from @cheimes:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

5 years ago

Log in to comment on this ticket.

Metadata