389-ds-base

Clone
Source Code
GIT

83a6ceb Ticket #47908 - 389-ds 1.3.3.0 does not adjust cipher suite configuration on upgrade, breaks itself and pki-server

Authored and Committed by nhosoi 9 years ago
raw patch tree parent
1 file changed. 16 lines added. 9 lines removed.
ldap/servers/slapd/ssl.c
file modified
+16 -9 
    Ticket #47908 - 389-ds 1.3.3.0 does not adjust cipher suite configuration on upgrade, breaks itself and pki-server
    
    Description:
    In the given cipher list:
      nsSSL3Ciphers: +rsa_fips_3des_sha,+rsa_fips_des_sha,+rsa_3des_sha,
       +rsa_rc4_128_md5,+rsa_des_sha,+rsa_rc2_40_md5,+rsa_rc4_40_md5,
       +fortezza
    there were 2 issues.
    1) An old cipher suite name rsa_des_sha was not correctly mapped
       to the name supported by NSS (TLS_RSA_WITH_DES_CBC_SHA) in the
       mapping table. And the unsupported cipher name was not gracefully
       skipped but returned an error.  This patch fixes the mapped name
       and the behaviour so that it skips the unknown/unsupported cipher.
    2) A cipher "fortezza" is deprecated.  It's now skipped with the
       proper warning message.
    
    Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
    
    https://fedorahosted.org/389/ticket/47908
file modified
+16 -9
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.