On 06/05/2018 12:25 PM, Tomas Mraz wrote:
> On Tue, 2018-06-05 at 16:11 +0000, Christian Stadelmann wrote:
>> "Fallback option" always smells like "protocol downgrade attack".
>> This would undermine the idea of a crypto policy. Anyway,
>> implementing it seems way out of scope for the crypto policy.
>
> Yes, a fallback option is a no-way. You can switch the system policy to
> LEGACY, however that does not necessarily mean that some very old
> legacy HW will start to work with Firefox or another web browser,
> because with newer versions of the browsers and newer versions of
> TLS/crypto libraries some very old and insecure algorithm and protocol
> support is also being removed.


Makes sense, but what is the best way to deal with such old HW if you're stuck with it?  I don't want to compromise my workstation for all my normal needs just to deal with some ancient embedded https server, but it would kind of suck to have to boot some old live image just to do some routine config change.  It seems the industry has room for improvement here.
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/3J6I2UK3QPE6THJBJVYNLTX3ZTF5WIAM/