[CentOS] RHEL 7.3 wish-list

Sat Apr 2 19:40:56 UTC 2016
Digimer <lists at alteeve.ca>

On 02/04/16 03:38 PM, Alice Wonder wrote:
> CentOS tracks RHEL and there is something I think probably can only be
> done in a point release but I believe should be done.
> 
> Update to nss and curl.
> 
> The problem - the version of curl that ships with CentOS does not
> support ECC cryptography.
> 
> A newer version would, but requires manual specification of the ciphers
> if the TLS/SSL library used (NSS on RHEL/Fedora) does not have the ECC
> ciphers enabled by default, and the NSS in RHEL/CentOS 7 does not.
> 
> This causes a problem when using CentOS 7 for something like a CDN that
> needs to pull content from a server using modern ECC cryptography
> without support for the older cryptography methods, and some sensitive
> servers are starting to do just that to avoid being vulnerable to
> various 0-day exploits that pop up with older cryptography.
> 
> I think the NSS library should be rebuilt to have ECC ciphers enabled by
> default (I don't think that requires a version update) and that curl
> should be updated, with a newer build, that includes a bump to the .so
> version.
> 
> Thoughts on this?
> 
> I'm out of town, I plan to try and file a bugzilla for this when I get
> back, but if this sounds idiotic to most then I won't.
> 
> I can solve it on my system with a local build.
> 
> Thank you for your time.

You can always ask in bugzilla. If they reject it, you should at least
get their reasoning.

-- 
Digimer
Papers and Projects: https://alteeve.ca/w/
What if the cure for cancer is trapped in the mind of a person without
access to education?