Bug 5948 - ThinLinc doesn't respect system crypto policy
Summary: ThinLinc doesn't respect system crypto policy
Status: NEW
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Other (show other bugs)
Version: pre-1.0
Hardware: PC Unknown
: P2 Normal
Target Milestone: LowPrio
Assignee: Peter Åstrand
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-07-05 12:29 CEST by Pierre Ossman
Modified: 2022-07-08 10:38 CEST (History)
1 user (show)

See Also:
Acceptance Criteria:


Attachments

Description Pierre Ossman cendio 2016-07-05 12:29:59 CEST
Fedora has introduced something called crypto policy to allow administrators to configure all crypto software on the machine from a central place. ThinLinc should respect these setting, the same as any software included directly with Fedora.

Fedora has patches for GnuTLS and OpenSSL, which we might get automatically as part of some upgrade. We may need to verify this, and perhaps patch things ahead of upstream.

Fedora wiki page about this:
http://fedoraproject.org/wiki/Changes/CryptoPolicy

This primarily affects tlstunnel, but ssh in the client and rdesktop might also be worth looking at.
Comment 1 Pierre Ossman cendio 2022-07-08 10:35:38 CEST
One odd man out here is ssh-keyscan. It has its own hard coded list of things to check. It doesn't respect the global defaults of OpenSSH, nor the system crypto policy.

Note You need to log in before you can comment on or make changes to this bug.