c6febe3 Ticket #47838 - harden the list of ciphers available by default (phase 2)

Authored and Committed by nhosoi 5 years ago
    Ticket #47838 - harden the list of ciphers available by default (phase 2)
    
    Description:
    1) By default (i.e., no explicit allowWeakCipher set in cn=encryption,cn=config),
       allowWeakCipher is on for user specified cipher list
       allowWeakCipher is off for "+all" and "default"
    2) Fixed enabled allowWeakCipher (explicitly set "on" to it) is
       applied to "+all" and "default".
    3) If an invalid value is set to allowWeakCipher, this message is
       logged in the error log and set it to the default value.
         SSL alert: The value of allowWeakCipher "poor" in cn=encryption,
         cn=config is invalid. Ignoring it and set it to default.
    
    https://fedorahosted.org/389/ticket/47838
    
    Reviewed by tbordaz@redhat.com (Thank you, Thierry!)
    
        
file modified
+44 -16