Let's drop support for NSS!

Kevin Stange kevin at simguy.net
Sun Sep 14 16:30:47 EDT 2014


On 09/14/2014 02:22 PM, Elliott Sales de Andrade wrote:
> A few years ago, I might have pointed to Fedora's efforts to standardize
> on NSS. Nowadays, I'm not so sure whether that's one of their goals or not.

Fedora's current goal is this:

http://fedoraproject.org/wiki/Changes/CryptoPolicy

Summed up, Fedora feels there are too many libraries with competing
policies to provide a uniform security model, so they intend to patch
all of them so that they can all draw from the same generalized
system-wide policy that determines which TLS versions, ciphers (priority
and availability), and options are able to be used.

Fedora apparently intends to keep letting people do whatever they want,
and if they choose to use the default profile, they get whatever
Fedora's current "best practice" says they get.  Of course, that isn't
going to turn into a universal thing unless other distros pick up
similar plans of action.

Kevin



More information about the Devel mailing list