#47994 DS console incorrectly resets all the SSL settings when adjusting a single value
Closed: Fixed None Opened 5 years ago by mreynolds.

As reported on 389-users mailing list:

Using the DS console and changing a single setting resets all the ciphers and SSL settings. So it will enable SSL3 which should remain off.

Here I just used the console to set "Do not allow client authentication", and this is what the console did (note nsSSL3 was off):

time: 20150120113536
dn: cn=RSA,cn=encryption,cn=config
changetype: modify
replace: nsSSLToken
nsSSLToken: internal (software)
-
replace: nsSSLPersonalitySSL
nsSSLPersonalitySSL: Server-Cert
-
replace: nsSSLActivation
nsSSLActivation: on
-
replace: objectClass
objectClass: top
objectClass: nsEncryptionModule

time: 20150120113536
dn: cn=encryption,cn=config
changetype: modify
replace: nsSSL3
nsSSL3: on
-
replace: nsSSLClientAuth
nsSSLClientAuth: off
-
replace: nsSSL3Ciphers
nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,
 +rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+tls_rsa_expo
 rt1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha
-
replace: nsKeyfile
nsKeyfile: alias/slapd-localhost-key3.db
-
replace: nsCertfile
nsCertfile: alias/slapd-localhost-cert8.db

time: 20150120113536
dn: cn=config
changetype: modify
replace: nsslapd-security
nsslapd-security: on
-
replace: nsslapd-ssl-check-hostname
nsslapd-ssl-check-hostname: off
-

time: 20150120113536
dn: cn=slapd-localhost,cn=389 Directory Server,cn=Server Group,cn=localhost.localdomain,ou=example.com,o=NetscapeRoot
changetype: modify
replace: nsServerSecurity
nsServerSecurity: on
-
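
An added example, not part of the original ticket or the ds-console code: a check that scans audit-log records in the layout shown above for writes to `cn=encryption,cn=config` that turn `nsSSL3` on or enable weak ciphers in `nsSSL3Ciphers`. The sample log is constructed, and the `WEAK` pattern and the function names are assumptions of this example.

```python
import re

# Constructed sample in the audit-log layout shown in this ticket.
SAMPLE = """\
time: 20150120113536
dn: cn=encryption,cn=config
changetype: modify
replace: nsSSL3
nsSSL3: on
-
replace: nsSSL3Ciphers
nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_3des_sha,+tls_rsa_expo
 rt1024_with_rc4_56_sha

time: 20150120113536
dn: cn=config
changetype: modify
replace: nsslapd-security
nsslapd-security: on
-
"""

# Assumption: substrings this example treats as marking a weak cipher name.
WEAK = re.compile(r"null|rc4|rc2|export|_des_", re.I)

def unfold(text):
    """Join LDIF continuation lines (a newline followed by one space)."""
    return re.sub(r"\r?\n ", "", text)

def audit_findings(text):
    """Return (time, dn, issue) tuples for risky writes to cn=encryption,cn=config."""
    findings = []
    for record in re.split(r"\n\s*\n", unfold(text).strip()):
        attrs = [l.split(": ", 1) for l in record.splitlines() if ": " in l]
        fields = {k.lower(): v for k, v in attrs if k.lower() in ("time", "dn")}
        if fields.get("dn", "").lower().replace(" ", "") != "cn=encryption,cn=config":
            continue
        for key, value in attrs:
            if key.lower() == "nsssl3" and value.strip().lower() == "on":
                findings.append((fields.get("time"), fields["dn"], "SSLv3 enabled"))
            elif key.lower() == "nsssl3ciphers":
                for c in (x.strip() for x in value.split(",")):
                    if c.startswith("+") and WEAK.search(c):  # "-" means disabled
                        findings.append((fields.get("time"), fields["dn"], "weak cipher " + c[1:]))
    return findings

if __name__ == "__main__":
    for finding in audit_findings(SAMPLE):
        print(*finding, sep=" | ")
```

Running it over the audit log after a console change shows whether a single-setting edit also rewrote the protocol and cipher attributes.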

To ssh://git.fedorahosted.org/git/389/ds-console.git
970e8b1..f668294 master -> master

commit f668294a80f37dad8be85348fbe582e817ef2361
Author: Mark Reynolds <mreynolds@redhat.com>
Date: Tue Jan 20 12:47:37 2015 -0500

Metadata Update from @mreynolds:
- Issue assigned to mreynolds
- Issue set to the milestone: 389-admin,console 1.1.36

2 years ago
