Ticket #47908 - 389-ds 1.3.3.0 does not adjust cipher suite configuration on upgrade, breaks itself and pki-server
Description:
In the given cipher list:
nsSSL3Ciphers: +rsa_fips_3des_sha,+rsa_fips_des_sha,+rsa_3des_sha,
+rsa_rc4_128_md5,+rsa_des_sha,+rsa_rc2_40_md5,+rsa_rc4_40_md5,
+fortezza
there were 2 issues.
1) An old cipher suite name rsa_des_sha was not correctly mapped
to the name supported by NSS (TLS_RSA_WITH_DES_CBC_SHA) in the
mapping table. And the unsupported cipher name was not gracefully
skipped but returned an error. This patch fixes the mapped name
and the behaviour so that it skips the unknown/unsupported cipher.
2) A cipher "fortezza" is deprecated. It's now skipped with the
proper warning message.
Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
https://fedorahosted.org/389/ticket/47908
(cherry picked from commit 83a6ceb556e769f0d0a201f4a3d783ae3915c6bc)