389-ds-base

Clone
Source Code
GIT

f7ae1e8 Ticket #47928 - Disable SSL v3, by default [389-ds-base-1.2.11 only]

Authored and Committed by nhosoi 9 years ago
raw patch tree parent
2 files changed. 136 lines added. 17 lines removed.
ldap/servers/slapd/fedse.c
file modified
+2 -1
ldap/servers/slapd/ssl.c
file modified
+134 -16 
    Ticket #47928 - Disable SSL v3, by default [389-ds-base-1.2.11 only]
    
    Description:
    [fedse.c]
      By default, nsSSL3 is set to off and nsTLS1 is on in cn=encryption,cn=config.
    [ssl.c]
      Back-ported SSLVersionRange from the master branch, but no new range
      parameter support in the config.  If nsSSL3 is explicitely set to
      on, SSL_LIBRARY_VERSION_3_0 is set to the minimum ssl version.
      Otherwise, SSL_LIBRARY_VERSION_TLS_1_0 becomes the minimum version.
      The max available version is set to the maximum ssl version.
    
      On this version, there is no way to disable TLS1.0 and enable TLS1.1
      and newer.  If nsTLS1 is on, all TLS1.X are enabled.
    
    Note: This patch covers Ticket #605 - support TLS 1.1, as well.
    
    https://fedorahosted.org/389/ticket/47928
    (cherry picked from commit 17fc03cf1101135b99234f17efd3eb746626be1a)
file modified
+2 -1
file modified
+134 -16
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.