Re: [Secure Coding] master: sect-Defensive_Coding-TLS-OpenSSL: Mention openssl genrsa entropy issue (564ffc8)

2014-04-28 Thread Tomas Mraz
On Mon, 2014-04-28 at 14:55 +0200, Florian Weimer wrote: On 04/28/2014 02:36 PM, Tomas Mraz wrote: diff --git a/defensive-coding/en-US/Features-TLS.xml b/defensive-coding/en-US/Features-TLS.xml index 936910d..f4da007 100644 --- a/defensive-coding/en-US/Features-TLS.xml +++ b/defensive

Re: [Secure Coding] master: sect-Defensive_Coding-TLS-OpenSSL: Mention openssl genrsa entropy issue (564ffc8)

2014-04-28 Thread Tomas Mraz
On Mon, 2014-04-28 at 15:22 +0200, Florian Weimer wrote: On 04/28/2014 03:05 PM, Tomas Mraz wrote: I tried to word in a way that doesn't give the impression that /dev/urandom is insecure, while still pleasing those who strongly think that long-term key material should be generated from

Re: Fedora crypto policy vs the real world Was: available crypto policies

2014-05-06 Thread Tomas Mraz
for disabling RC4 prior to implementing them in their environments. So no, Windows won't disable RC4 support by default. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb (You'll never know whether the road

Re: available crypto policies

2014-06-04 Thread Tomas Mraz
when used within HMAC for message authentication. You cannot apply birthday attack to message authentication. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb (You'll never know whether the road is wrong though

Re: restricting the scope of CA certificates

2016-06-03 Thread Tomas Mraz
tensions - as the extensions would have to be stapled onto some concrete certificates. You would have to basically create stapled extensions for every CA in your trusted list except for the Red Hat internal CA. And if any additional CA is added to the trusted list, it would have to get this sta

Re: Maintainer for gnupg (and related) packages not responding – CVE unfixed

2016-07-20 Thread Tomas Mraz
g report against libgcrypt has a CVE assigned and still > it is unfixed for months. This must not happen too. There should be > some mechanism to notify somebody if a maintainer doesn't act on CVEs > within 3 days. If that was not a very low impact CVE I'd be willing to spend more time on backpor

Re: Preparing openvpn3 packaging for review - openssl challenges

2020-02-18 Thread Tomas Mraz
On Tue, 2020-02-18 at 21:16 +0100, David Sommerseth wrote: > Hi, > > I'm running rpmlint against packages built based on the Fedora Copr > [1] build > I've provided for some time. I'm planning to move this forward for > the standard > Fedora and EPEL repositories. But rpmlint complains about

Re: Preparing openvpn3 packaging for review - openssl challenges

2020-02-19 Thread Tomas Mraz
On Wed, 2020-02-19 at 12:35 +0100, David Sommerseth wrote: > On 19/02/2020 11:33, Tomas Mraz wrote: > > On Wed, 2020-02-19 at 11:06 +0100, David Sommerseth wrote: > > > On 19/02/2020 08:25, Tomas Mraz wrote: > > > [...snip...] > > > > >

Re: Preparing openvpn3 packaging for review - openssl challenges

2020-02-19 Thread Tomas Mraz
On Wed, 2020-02-19 at 11:06 +0100, David Sommerseth wrote: > On 19/02/2020 08:25, Tomas Mraz wrote: > [...snip...] > > > if (!SSL_CTX_set_cipher_list(ctx, > > >/* defau