)]}'
{"etc/memcache.conf-sample":[{"author":{"_account_id":15343,"name":"Tim Burke","email":"tburke@nvidia.com","username":"tburke"},"change_message_id":"0da21e2ca0446179e6c1310fdafce46e4d57b802","unresolved":true,"context_lines":[{"line_number":61,"context_line":"# the TLS context. It should be a string in the OpenSSL cipher"},{"line_number":62,"context_line":"# list format. If not specified, all OpenSSL enabled ciphers will"},{"line_number":63,"context_line":"# be available."},{"line_number":64,"context_line":"# tls_allowed_ciphers \u003d"}],"source_content_type":"application/octet-stream","patch_set":1,"id":"bafbca14_4b822e44","line":64,"range":{"start_line":64,"start_character":2,"end_line":64,"end_character":21},"updated":"2021-01-06 20:10:31.000000000","message":"Carrying over some conversation from the parent patch:\n\n\u003e I\u0027m still a little nervous about tls_allowed_ciphers -- it seems like a weird knob to have. My gut says it\u0027s too low-level for application code; there ought to be some other way to lock down the allowed ciphers for OpenSSL that would take effect system-wide. OTOH, if it really *is* needed for FIPS future-proofing, it seems insufficient -- there are other parameters like protocol version that seem like they may later need limiting as well.\n\n\u003e Is it not the sort of thing that can be set system-wide down in /etc/crypto-policies/ somewhere?","commit_id":"9eea96021af81e2ebe3600648c74fd6b798158c4"}]}