Feeds

Red Hat plans unified security management for Fedora 21

One crypto policy to bind them

Beginner's guide to SSL certificates

Red Hat is planning a significant change to how its Fedora Linux distribution handles crypto policy, to ship with the due-in-late-2014 Fedora 21 release.

In this wiki post, the Fedora Project outlines what it calls “system-wide crypto policy”. The idea is that Fedora would provide consistent security for all applications running under it, with the admin able to select pre-defined (but editable) security profiles.

“The idea is to have some predefined security levels such as LEVEL-80, LEVEL-112, LEVEL-128, LEVEL-256, or ENISA-LEGACY, ENISA-FUTURE, SUITEB-128, SUITEB-256,” the team writes. Administrators would edit the security profiles in a single config file, and either run an update to propagate the policy throughout a system (or alternatively, have a daemon that propagates policy updates automatically).

Profiles would cover things like TLS/SSL and DTLS versioning, ciphersuite selection and ordering, certificate and key exchange parameters including minimum key length, acceptable elliptic curve (ECDH or ECDSA for example), signature hash functions, and TLS options like safe renegotiation.

The policy would require change to GnuTLS, OpenSSL and NSS libraries, the writers note.

Phoronix outlines other significant revisions under Fedora 21, which include changes to cron handling, access control for PC/SC cards, support for Ruby 2.1, and OpenCL support, and restricting the number of scenarios in which X.Org will run as root. ®

Beginner's guide to SSL certificates

More from The Register

next story
Microsoft on the Threshold of a new name for Windows next week
Rebranded OS reportedly set to be flung open by Redmond
Business is back, baby! Hasta la VISTA, Win 8... Oh, yeah, Windows 9
Forget touchscreen millennials, Microsoft goes for mouse crowd
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple: SO sorry for the iOS 8.0.1 UPDATE BUNGLE HORROR
Apple kills 'upgrade'. Hey, Microsoft. You sure you want to be like these guys?
ARM gives Internet of Things a piece of its mind – the Cortex-M7
32-bit core packs some DSP for VIP IoT CPU LOL
Lotus Notes inventor Ozzie invents app to talk to people on your phone
Imagine that. Startup floats with voice collab app for Win iPhone
'Google is NOT the gatekeeper to the web, as some claim'
Plus: 'Pretty sure iOS 8.0.2 will just turn the iPhone into a fax machine'
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.