#47994 DS console incorrectly resets all the SSL settings when adjusting a single value
Closed: wontfix None Opened 6 years ago by mreynolds.

As reported on 389-users mailing list:

Using the DS console and changing a single setting resets all the ciphers and SSL settings. So it will enable SSL3 which should remain off.

Here I just used the console to set "Do not allow client authentication", and this is what the console did(note nsSSL3 was off):

time: 20150120113536
dn: cn=RSA,cn=encryption,cn=config
changetype: modify
replace: nsSSLToken
nsSSLToken: internal (software)
-
replace: nsSSLPersonalitySSL
nsSSLPersonalitySSL: Server-Cert
-
replace: nsSSLActivation
nsSSLActivation: on
-
replace: objectClass
objectClass: top
objectClass: nsEncryptionModule

time: 20150120113536
dn: cn=encryption,cn=config
changetype: modify
replace: nsSSL3
nsSSL3: on
-
replace: nsSSLClientAuth
nsSSLClientAuth: off
-
replace: nsSSL3Ciphers
nsSSL3Ciphers: -rsa_null_md5,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+rsa_rc2_40_md5,
 +rsa_des_sha,+rsa_fips_des_sha,+rsa_3des_sha,+rsa_fips_3des_sha,+tls_rsa_expo
 rt1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha
-
replace: nsKeyfile
nsKeyfile: alias/slapd-localhost-key3.db
-
replace: nsCertfile
nsCertfile: alias/slapd-localhost-cert8.db

time: 20150120113536
dn: cn=config
changetype: modify
replace: nsslapd-security
nsslapd-security: on
-
replace: nsslapd-ssl-check-hostname
nsslapd-ssl-check-hostname: off
-

time: 20150120113536
dn: cn=slapd-localhost,cn=389 Directory Server,cn=Server Group,cn=localhost.localdomain,ou=example.com,o=NetscapeRoot
changetype: modify
replace: nsServerSecurity
nsServerSecurity: on
-

To ssh://git.fedorahosted.org/git/389/ds-console.git
970e8b1..f668294 master -> master

commit f668294a80f37dad8be85348fbe582e817ef2361
Author: Mark Reynolds mreynolds@redhat.com
Date: Tue Jan 20 12:47:37 2015 -0500

Metadata Update from @mreynolds:
- Issue assigned to mreynolds
- Issue set to the milestone: 389-admin,console 1.1.36

4 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/1325

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

7 months ago

Login to comment on this ticket.

Metadata