Fedora has introduced something called crypto policy to allow administrators to configure all crypto software on the machine from a central place. ThinLinc should respect these setting, the same as any software included directly with Fedora.
Fedora has patches for GnuTLS and OpenSSL, which we might get automatically as part of some upgrade. We may need to verify this, and perhaps patch things ahead of upstream.
Fedora wiki page about this:
This primarily affects tlstunnel, but ssh in the client and rdesktop might also be worth looking at.
One odd man out here is ssh-keyscan. It has its own hard coded list of things to check. It doesn't respect the global defaults of OpenSSH, nor the system crypto policy.