5948 – ThinLinc doesn't respect system crypto policy

Bug 5948 - ThinLinc doesn't respect system crypto policy

Summary: ThinLinc doesn't respect system crypto policy

Status:	NEW

Alias:	None

Product:	ThinLinc
Classification:	Unclassified
Component:	Other (show other bugs)
Version:	pre-1.0
Hardware:	PC Unknown

Importance:	P2 Normal
Target Milestone:	LowPrio
Assignee:	Peter Åstrand

URL:
Keywords:

Depends on:
Blocks:

Reported:	2016-07-05 12:29 CEST by Pierre Ossman
Modified:	2022-07-08 10:38 CEST (History)
CC List:	1 user (show)

See Also:	4081 5390 7535
Acceptance Criteria:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Pierre Ossman cendio

2016-07-05 12:29:59 CEST

Fedora has introduced something called crypto policy to allow administrators to configure all crypto software on the machine from a central place. ThinLinc should respect these setting, the same as any software included directly with Fedora.

Fedora has patches for GnuTLS and OpenSSL, which we might get automatically as part of some upgrade. We may need to verify this, and perhaps patch things ahead of upstream.

Fedora wiki page about this:
http://fedoraproject.org/wiki/Changes/CryptoPolicy

This primarily affects tlstunnel, but ssh in the client and rdesktop might also be worth looking at.

Comment 1 Pierre Ossman cendio

2022-07-08 10:35:38 CEST

One odd man out here is ssh-keyscan. It has its own hard coded list of things to check. It doesn't respect the global defaults of OpenSSH, nor the system crypto policy.

Note You need to log in before you can comment on or make changes to this bug.