389-ds-base

Clone
Source Code
GIT

2c8e339 Issue 51129 - SSL alert: The value of sslVersionMax "TLS1.3" is higher than the supported version

Authored and Committed by mreynolds 3 years ago
raw patch tree parent
2 files changed. 81 lines added. 76 lines removed.
ldap/servers/slapd/ssl.c
file modified
+80 -75
src/lib389/lib389/dirsrv_log.py
file modified
+1 -1 
    Issue 51129 - SSL alert: The value of sslVersionMax "TLS1.3" is higher than the supported version
    
    Bug Description:  If you try and set the sslVersionMax higher than the
                      default range, but within the supported range, you
                      would still get an error and the server would reset
                      the max to "default" max value.
    
    Fix Description:  Keep track of both the supported and default SSL ranges,
                      and correctly use each range for value validation.  If
                      the value is outside the supported range, then use default
                      value, etc, but do not check the requested range against
                      the default range.  We only use the default range if
                      there is no specified min or max in the config, or if
                      a invalid min or max value is set in the config.
    
                      Also, refactored the range variable names to be more
                      accurate:
    
                         enabledNSSVersions -->  defaultNSSVersions
                         emin, emax         -->  dmin, dmax
    
    relates: https://pagure.io/389-ds-base/issue/51129
    
    Reviewed by: firstyear(Thanks!)
file modified
+80 -75
file modified
+1 -1
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.