Add support for RHEL8 systemwide update-crypto-policies
floatingatoll opened this issue · 3 comments
floatingatoll commented
Per the RHEL 8.0 release notes from today’s release, they’ve added a systemwide TLS config utility. Please consider updating the generator to support this.
tomato42 commented
well, either you use Crypto-Policies and accept the guidelines of Red Hat engineers, or you override them and use this guide
as far as I can tell, there is nothing to update...
floatingatoll commented
Ah, I see they deferred custom policy support until a later release —
The individual policy levels (*DEFAULT*, *LEGACY*, *FUTURE*, and *FIPS*)
are included in the *crypto-policies(7)* package. In the future, there will
be also a mechanism for easy creation and deployment of policies defined by
the system administrator or a third party vendor.
You may reject this if you wish, or use it to track that future support,
either WFM.
…On Tue, May 7, 2019 at 10:43 AM Hubert Kario ***@***.***> wrote:
well, either you use Crypto-Policies and accept the guidelines of Red Hat
engineers, or you override them and use this guide
as far as I can tell, there is nothing to update...
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#245 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AAAWUDC26O3TNRL3ZE4WWX3PUG5UTANCNFSM4HLKLIQQ>
.
tomato42 commented
even when creating custom policies will be supported, the main use case will be slight adjustments (e.g. removal of SHA1 from DEFAULT, adding ARIA to DEFAULT) rather than complete redesign
so yes, I'd say it's not in scope
please re-open or comment on this issue when actual feature set of custom crypto-policies is known and we still want to support them