From Fedora Project Wiki


Maybe you are developing your own application that might be using TLS/SSL or other crypto algorithms/protocols. What about updating and testing it with crypto-policies?

How to test

  • see man update-crypto-policies, section APPLICATION SUPPORT if you use some of the system crypto libraries
  • specific software using TLS/SSL (vnc apps, cups server, rsyslog, mail software, ...)
    • you can easily test own server app with openssl s_client, e.g.
      server example:
      update-crypto-policies --set FUTURE
      <restart service>
      openssl s_client -tls1 -connect <HOST>:<PORT> # TLSv1.0 should not be accepted
  • clients might be more problematic, feel free to discuss the approach with us on IRC
  • ...

Expected Results

  • Updates, questions and bugs.