It's my understanding that there's been some recent work to move openjdk to certain NSS security providers (for EC, for example). But, I think you already answered my (poorly worded) question. Thanks.
On Mon, May 23, 2016, 04:01 Nikos Mavrogiannopoulos <n...@redhat.com> wrote: > The impact in what sense? Note that openjdk will also conform to the > system wide policy. > > regards, > Nikos > > On Fri, 2016-05-20 at 15:24 +0000, Christopher wrote: > > What is the impact on openjdk crypto providers? > > > > On Fri, May 20, 2016, 05:49 Jan Kurik <jku...@redhat.com> wrote: > > > = Proposed Self Contained Change: NSS enforces the system-wide > > > crypto policy = > > > https://fedoraproject.org/wiki/Changes/NSSCryptoPolicies > > > > > > Change owner(s): > > > * Nikos Mavrogiannopoulos <nmav AT redhat DOT com> > > > > > > As it is now, the System-wide crypto policy in F24 is only enforced > > > by > > > the OpenSSL and GnuTLS TLS libraries. To harmonize crypto in > > > Fedora, > > > NSS is enhanced to respect the settings of the system-wide crypto > > > policy as well. > > > > > > == Detailed Description == > > > As it is now, the System-wide crypto policy in F24 is only enforced > > > by > > > the OpenSSL and GnuTLS TLS libraries. To harmonize crypto in > > > Fedora, > > > NSS is enhanced to respect the settings of the system-wide crypto > > > policy as well. > > > After that change the administrator should be assured that any > > > application that uses NSS will follow a policy that adheres to the > > > configured profile. > > > > > > > > > == Scope == > > > * Proposal owners: > > > The change requires modifying the NSS library to read a policy > > > generated by the crypto-policy package. > > > > > > * Other developers: > > > There are no required actions by other developers. The change > > > requires > > > only targeted changes to NSS. > > > > > > * Release engineering: > > > No actions required. > > > > > > * Policies and guidelines: > > > - The packaging guidelines for crypto policies need to be modified > > > to > > > include NSS in the list of libraries supporting the policies. > > > - The text "(note that adherence to the system-wide policies is > > > work > > > in progress for NSS libraries)" must be removed > > > - The text "Currently the policies are restricted to applications > > > using GnuTLS and OpenSSL" must be changed to include NSS. > > > > > > * Trademark approval: > > > N/A (not needed for this Change) > > > -- > > > Jan Kuřík > > > Platform & Fedora Program Manager > > > Red Hat Czech s.r.o., Purkynova 99/71, 612 45 Brno, Czech Republic > > > -- > > > devel mailing list > > > devel@lists.fedoraproject.org > > > http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraprojec > > > t.org > > > > > -- > > devel mailing list > > devel@lists.fedoraproject.org > > http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject. > > org > -- > Nikos Mavrogiannopoulos, PhD, > Crypto Tech. Lead, > Security Technologies, > Red Hat, Inc. > > > > > > -- > devel mailing list > devel@lists.fedoraproject.org > http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org >
-- devel mailing list devel@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
