Ticket #605 - support TLS 1.1
Description:
NSS 3.14 deprecates the current way to configure SSL versions:
SSL_OptionSet(pr_sock, SSL_ENABLE_SSL3|SSL_ENABLE_TLS, True|False)
Instead, it introduces new range APIs to provide more detailed SSL
version control by using SSL_VersionRangeSet(pr_sock, NSSVersions).
The NSSVersions has 2 fields "min" and "max", which take the minimum
and maximum SSL versions.
By default, slapd_ssl_init2 sets the default supported range by NSS,
which is min: SSL3 and max: TLS1.2. This patch adds 2 config params
sslVersionMin and sslVersionMax to cn=encryption,cn=config to provide
the ability to control the values.
Both takes: ssl3 or tls1.?. If the range is not supported by the
NSS or conflicts with the current params nsSSL3 and nsTLS1, it'd be
adjusted.
Reviewed by rmeggins@redhat.com (Thank you, Rich!)