Hello, I'm the maintainer of the ca-certificates package.

Could you please help to confirm that the following system configuration change
doesn't cause any regressions for your use of the Internet?

  ca-legacy disable
  # (needs to be executed with root permission)


If you see any issues with SSL/TLS connections after this change, please try to
go back to the default configuration, by executing
  ca-legacy default
then restart the software you were using, and try your connection again.

If "ca-legacy default" makes it work again, then please let me know how I can
reproduce the connection that fails for you in "ca-legacy disabled" mode.

(... either by sending an email, or by commenting in the following tracker bug:
 https://bugzilla.redhat.com/show_bug.cgi?id=1368522 )


Background: I'd like to disable the legacy CAs by default in Fedora 25, which I
believe is safe. Your testing will help to confirm that. In the past, the
special configuration was introduced because of limitations in older software
versions. In the meantime, all known limitations have already been fixed in the
software we ship with Fedora 24. The change will increase security, because it
will allow us to remove trust for older root CA certificates with weaker key
sizes.

If you'd like to know more about what the ca-legacy tool does:
- man ca-legacy
- https://fedoraproject.org/wiki/CA-Certificates

Thanks for your help!
Kai
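
One way to run the comparison requested above, as an added example that is not part of the original message. It assumes curl is installed and that curl exit code 60 marks a certificate that could not be verified against the trusted CAs; the function names are illustrative and the URLs are whatever the tester normally uses.

```shell
#!/bin/sh
# Added example (not from the original message): compare HTTPS reachability
# under "ca-legacy default" and "ca-legacy disable". Function names are
# illustrative; the URLs to test are supplied by the tester.

# classify DEFAULT_RC DISABLED_RC: judge one URL from curl's two exit codes.
classify() {
    if [ "$1" -ne 0 ]; then
        echo "unrelated"       # already fails with legacy CAs trusted
    elif [ "$2" -eq 0 ]; then
        echo "ok"              # works in both modes
    elif [ "$2" -eq 60 ]; then
        echo "regression"      # curl 60: cert not verifiable with known CAs
    else
        echo "inconclusive"    # some other failure (timeout, DNS); retest
    fi
}

# probe URL: print curl's exit code for one request (a fresh process each
# time, so it always reads the current trust configuration).
probe() {
    rc=0
    curl --silent --output /dev/null --max-time 15 "$1" || rc=$?
    echo "$rc"
}

# compare_modes URL...: must run as root, because ca-legacy requires it.
compare_modes() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    results=$(mktemp) || return 1
    # Always return to the default configuration, even on interruption.
    trap 'ca-legacy default; rm -f "$results"' EXIT
    trap 'exit 1' INT TERM
    ca-legacy default
    for url in "$@"; do
        printf '%s %s\n' "$(probe "$url")" "$url"
    done > "$results"
    ca-legacy disable
    while read -r def_rc url; do
        printf '%-13s %s\n' "$(classify "$def_rc" "$(probe "$url")")" "$url"
    done < "$results"
}

# Change system state only when explicitly asked: script.sh --run URL...
if [ "${1:-}" = "--run" ]; then
    shift
    compare_modes "$@"
fi
```

URLs reported as "regression" are the ones that work with "ca-legacy default" but fail certificate verification in disabled mode, which is the case the message asks testers to report.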
