389-ds-base

Clone
Source Code
GIT

9b3c273 Ticket #48775 - If nsSSL3 is on, even if SSL v3 is not really enabled, a confusing message is logged.

Authored and Committed by nhosoi 8 years ago
raw patch tree parent
1 file changed. 5 lines added. 3 lines removed.
ldap/servers/slapd/ssl.c
file modified
+5 -3 
    Ticket #48775 - If nsSSL3 is on, even if SSL v3 is not really enabled, a confusing message is logged.
    
    Description: The config entry cn=encryption,cn=config takes old and new
    formats to specify SSL versions.
    * old format:
      nsSSL3: on|off
      nsTLS1: on|off
    * new format:
      sslVersionMin: <min value, e.g., TLS1.0>
      sslVersionMax: <max value, e.g., TLS1.3>
    To enable SSLv3, both nsSSL3 needs to be on and sslVersionMin needs to
    set to SSL3.  But the current code logs the following warning if nsSSL3
    is on, even if sslVersionMin is set to higher than SSL3:
      Found unsecured configuration: nsSSL3: on; We strongly recommend to
      disable nsSSL3 in cn=encryption,cn=config.
    
    Instead, this patch changes the behaviour to log the warning only when
    nsSSL3 is on and sslVersionMin is set to lower than or equal to SSL3:
      Min value is too low in range: min: SSL3, max: TLS##;
      We strongly recommend to set sslVersionMin higher than TLS1.0.
    
    https://fedorahosted.org/389/ticket/48775
    
    Reviewed by mreynolds@redhat.com (Thank you, Mark!!)
file modified
+5 -3
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.