389-ds-base

Clone
Source Code
GIT

88d4bec Ticket #605 - support TLS 1.1

Authored and Committed by nhosoi 10 years ago
raw patch tree parent
2 files changed. 385 lines added. 26 lines removed.
ldap/schema/01core389.ldif
file modified
+3 -1
ldap/servers/slapd/ssl.c
file modified
+382 -25 
    Ticket #605 - support TLS 1.1
    
    Description:
    NSS 3.14 deprecates the current way to configure SSL versions:
    SSL_OptionSet(pr_sock, SSL_ENABLE_SSL3|SSL_ENABLE_TLS, True|False)
    Instead, it introduces new range APIs to provide more detailed SSL
    version control by using SSL_VersionRangeSet(pr_sock, NSSVersions).
    The NSSVersions has 2 fields "min" and "max", which take the minimum
    and maximum SSL versions.
    
    By default, slapd_ssl_init2 sets the default supported range by NSS,
    which is min: SSL3 and max: TLS1.2.  This patch adds 2 config params
    sslVersionMin and sslVersionMax to cn=encryption,cn=config to provide
    the ability to control the values.
    
    Both takes: ssl3 or tls1.?.  If the range is not supported by the
    NSS or conflicts with the current params nsSSL3 and nsTLS1, it'd be
    adjusted.
    
    Reviewed by rmeggins@redhat.com (Thank you, Rich!)
file modified
+3 -1
file modified
+382 -25
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.