From e7b0dfcc21668d0aac28ecd9253c403fa978b41c Mon Sep 17 00:00:00 2001 From: Eric H Christensen Date: Jun 27 2014 13:31:41 +0000 Subject: Added Crypto Policy feature --- diff --git a/en-US/Encryption.xml b/en-US/Encryption.xml index 9b22d0c..ad937d6 100644 --- a/en-US/Encryption.xml +++ b/en-US/Encryption.xml @@ -64,6 +64,12 @@ AuthorizedKeysFile .ssh/authorized_keysThe first line tells the SSH pro Similarly to passwords and any other authentication mechanism, you should change your SSH keys regularly. When you do make sure you clean out any unused key from the authorized_key file. +
+ Crypto Policy + Beginning in Fedora 21, a system-wide crypto policy will be available for users to quickly setup the cryptographic options for their systems. Users that must meet certain cryptographic standards can make the policy change in /etc/crypto-policies/config, and run update-crypto-policies. At this point applications that are utilize the default set of ciphers in the GnuTLS and OpenSSL libraries will follow the policy requirements. + The available options are: (1) LEGACY, which ensures compatibility with legacy systems - 64-bit security, (2) DEFAULT, a reasonable default for today's standards - 80-bit security, and (3) FUTURE, a conservative level that is believed to withstand any near-term future attacks - 128-bit security. These levels affect SSL/TLS settings, including elliptic curve, signature hash functions, and ciphersuites and key sizes. + Additional information on this new feature can be found on the CryptoPolicy Changes wiki page. +