From Fedora Project Wiki

(picked a sub-beat)
(corrected typo)
(64 intermediate revisions by 13 users not shown)
Line 1: Line 1:
{{header|docs}}
{{header|docs}}{{Docs_beat_open}}
{{Docs_beat_open}}
{{Draft|
Pick up a sub-beat and sign your name}}


<title>Crypto Policy</title>


{|- style="width: 40%; margin: auto; text-align: center;"
<para>Beginning in Fedora 21, a system-wide crypto policy will be available for users to quickly setup the cryptographic options for their systems.  Users that must meet certain cryptographic standards can make the policy change in <filename>//etc/crypto-policies/config</filename>, and run update-crypto-policies. At this point applications that utilize the default set of ciphers in the GnuTLS and OpenSSL libraries will follow the policy requirements.</para>
! style="width: 70%;" |Toool || style="width: 10%; text-align: center;" | To do || Writer
|-
|style="text-align: left;" | Firewall (F15 feature) || yes ||
|-
|style="text-align: left;"| pam_systemd || yes ||
|-
|style="text-align: left;"| OpenSCAP (secstat, firstaidkit) || yes/no || [[User:lewis41|Luigi Votta]]
|-
|style="text-align: left;"| DogTag Certificate System (PKI-*) || yes/no ||
|-
|style="text-align: left;"| SELinux Enhancements || yes/no ||
|-
|style="text-align: left;"| polkit-qt || yes/no ||
|-
|style="text-align: left;"| sectool || yes/no ||
|-
|style="text-align: left;"| freeipa || yes/no ||
|-
|style="text-align: left;"| dnssec-tools & dnssec-config || yes/no ||
|-
|}


= Security =
<para>The available options are: (1) <literal>LEGACY</literal>, which ensures compatibility with legacy systems - 64-bit security, (2) <literal>DEFAULT</literal>, a reasonable default for today's standards - 80-bit security, and (3) <literal>FUTURE</literal>, a conservative level that is believed to withstand any near-term future attacks - 128-bit securityThese levels affect SSL/TLS settings, including elliptic curve, signature hash functions, and ciphersuites and key sizes.</para>
This section describes the security changes and enhancements available in Fedora 15.   


== Openscap ==
<para>Additional information on this new feature can be found on the <ulink url="https://fedoraproject.org/wiki/Changes/CryptoPolicy">CryptoPolicy Changes wiki page</ulink>.</para>
Set of open source libraries enabling integration of the SCAP line of standards.


First introduced in Fedora 14, Openscap continues to


[[Category:Docs Project]]
[[Category:Docs Project]]
[[Category:Draft documentation]]
[[Category:Draft documentation]]
[[Category:Documentation beats]]
[[Category:Documentation beats]]

Revision as of 07:03, 4 June 2014

DocsProject Header docTeam1.png
Note.png
Beat is open
This beat is now ready to have Fedora 25 content added by the beat writer


<title>Crypto Policy</title>

<para>Beginning in Fedora 21, a system-wide crypto policy will be available for users to quickly setup the cryptographic options for their systems. Users that must meet certain cryptographic standards can make the policy change in <filename>//etc/crypto-policies/config</filename>, and run update-crypto-policies. At this point applications that utilize the default set of ciphers in the GnuTLS and OpenSSL libraries will follow the policy requirements.</para>

<para>The available options are: (1) <literal>LEGACY</literal>, which ensures compatibility with legacy systems - 64-bit security, (2) <literal>DEFAULT</literal>, a reasonable default for today's standards - 80-bit security, and (3) <literal>FUTURE</literal>, a conservative level that is believed to withstand any near-term future attacks - 128-bit security. These levels affect SSL/TLS settings, including elliptic curve, signature hash functions, and ciphersuites and key sizes.</para>

<para>Additional information on this new feature can be found on the <ulink url="https://fedoraproject.org/wiki/Changes/CryptoPolicy">CryptoPolicy Changes wiki page</ulink>.</para>

Retrieved from "https://fedoraproject.org/w/index.php?title=Documentation_Security_Beat&oldid=379227"