1427641 Ticket 50355 - NSS can change the requested SSL min and max versions

Authored and Committed by mreynolds 4 years ago
    Ticket 50355 -  NSS can change the requested SSL min and max versions
    
    Description:  If we try and set a min and max SSL version in the server,
                  it is actually only a request.  After setting the min and
                  max, you need to retrieve the min and max to see what NSS
                  did.  Then you have to reset the min and max versions one
                  more time to actually set the valid range.  So yes, you do
                  have to do a set() -> get() -> set().
    
                  There also another outstanding issue with NSS where it says
                  the default max SSL version in FIPS mode is 1.3, but in fact
                  it is 1.2.  So this patch has a hack fix to workaround that
                  bug.  It should be able to be removed soon...
    
    https://pagure.io/389-ds-base/issue/50355
    
    Reviewed by: mhonek(Thanks!)
    
    (cherry picked from commit 3d4c48eb4fc78628ef15e981d5175c68ab9ee4d8)
    
        
file modified
+57 -38