Issue #7998: Use system-wide crypto policy in TLS client - freeipa

freeipa

#7998 Use system-wide crypto policy in TLS client

Closed: fixed 4 years ago by cheimes. Opened 4 years ago by cheimes.

Request for enhancement

Related to #7667, IPA should use the system-wide default settings for TLS ciphers. In the past IPA had to override the default settings because OpenSSL configured weak ciphers. This has changed with OpenSSL 1.0.2 and newer. The new defaults are safe.

On Fedora and RHEL 8, the default cipher suites are configured by the system-wide crypto policy. Currently only the Fedora platform uses the system-wide settings with additional modifications. On RHEL, the system-wide policy is ignored.

cheimes commented 4 years ago

master:

b553448 Use system-wide crypto policy for TLS ciphers

Metadata Update from @cheimes:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

4 years ago

Metadata

Assignee

cheimes

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 4.8

None

affects_doc

None

source

None

knownissue

None

type

None

blockedby

None

test_case

None

component

None

blocking

None

on_review

None

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

None

tester

None

changelog

None

design

None

freeipa

Source Code

#7998 Use system-wide crypto policy in TLS client Closed: fixed 4 years ago by cheimes. Opened 4 years ago by cheimes.

Request for enhancement

Metadata

#7998 Use system-wide crypto policy in TLS client

Closed: fixed 4 years ago by cheimes. Opened 4 years ago by cheimes.