Feeds

Red Hat plans unified security management for Fedora 21

One crypto policy to bind them

Top 5 reasons to deploy VMware with Tegile

Red Hat is planning a significant change to how its Fedora Linux distribution handles crypto policy, to ship with the due-in-late-2014 Fedora 21 release.

In this wiki post, the Fedora Project outlines what it calls “system-wide crypto policy”. The idea is that Fedora would provide consistent security for all applications running under it, with the admin able to select pre-defined (but editable) security profiles.

“The idea is to have some predefined security levels such as LEVEL-80, LEVEL-112, LEVEL-128, LEVEL-256, or ENISA-LEGACY, ENISA-FUTURE, SUITEB-128, SUITEB-256,” the team writes. Administrators would edit the security profiles in a single config file, and either run an update to propagate the policy throughout a system (or alternatively, have a daemon that propagates policy updates automatically).

Profiles would cover things like TLS/SSL and DTLS versioning, ciphersuite selection and ordering, certificate and key exchange parameters including minimum key length, acceptable elliptic curve (ECDH or ECDSA for example), signature hash functions, and TLS options like safe renegotiation.

The policy would require change to GnuTLS, OpenSSL and NSS libraries, the writers note.

Phoronix outlines other significant revisions under Fedora 21, which include changes to cron handling, access control for PC/SC cards, support for Ruby 2.1, and OpenCL support, and restricting the number of scenarios in which X.Org will run as root. ®

Intelligent flash storage arrays

More from The Register

next story
Netscape Navigator - the browser that started it all - turns 20
It was 20 years ago today, Marc Andreeesen taught the band to play
Sway: Microsoft's new Office app doesn't have an Undo function
Content aggregation, meet the workplace ... oh
Do Moan! MONSTER 6-day EMAIL OUTAGE hits Domain Monster
Customers freaked out by frightful service
Sign off my IT project or I’ll PHONE your MUM
Honestly, it’s a piece of piss
Return of the Jedi – Apache reclaims web server crown
.london, .hamburg and .公司 - that's .com in Chinese - storm the web server charts
NetWare sales revive in China thanks to that man Snowden
If it ain't Microsoft, it's in fashion behind the Great Firewall
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.