Ticket #48775 - If nsSSL3 is on, even if SSL v3 is not really enabled, a confusing message is logged.
Description: The config entry cn=encryption,cn=config takes old and new
formats to specify SSL versions.
* old format:
nsSSL3: on|off
nsTLS1: on|off
* new format:
sslVersionMin: <min value, e.g., TLS1.0>
sslVersionMax: <max value, e.g., TLS1.3>
To enable SSLv3, both nsSSL3 needs to be on and sslVersionMin needs to
set to SSL3. But the current code logs the following warning if nsSSL3
is on, even if sslVersionMin is set to higher than SSL3:
Found unsecured configuration: nsSSL3: on; We strongly recommend to
disable nsSSL3 in cn=encryption,cn=config.
Instead, this patch changes the behaviour to log the warning only when
nsSSL3 is on and sslVersionMin is set to lower than or equal to SSL3:
Min value is too low in range: min: SSL3, max: TLS##;
We strongly recommend to set sslVersionMin higher than TLS1.0.
https://fedorahosted.org/389/ticket/48775
Reviewed by mreynolds@redhat.com (Thank you, Mark!!)