#50834 Incorrectly setting the NSS default SSL version max
Closed: wontfix 8 months ago by mreynolds. Opened 8 months ago by mreynolds.

Issue Description

We've been using the wrong function to get the NSS max version We were calling SSL_VersionRangeGetSupported() which gets the versions NSS "can" handle, but SSL_VersionRangeGetDefault() gets the versions that are actually "enabled". So RHEL 7 with the latest version of nss 3.44, we were advertising and accepting TLS1.3 ciphers, but NSS was only enabled TLS1.2.

So all the clients trying to use 1.3 will get rejected, in this case it was a RHEL 8 client trying to contact a RHEL 7 server.


Metadata Update from @mreynolds:
- Custom field origin adjusted to None
- Custom field reviewstatus adjusted to None
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1781276

8 months ago

Commit d24352c relates to this ticket

Commit d24352c relates to this ticket

d4702b5..c554108 389-ds-base-1.4.2 -> 389-ds-base-1.4.2

16f7b52..de5e4ac 389-ds-base-1.4.1 -> 389-ds-base-1.4.1

da26367..bcb1e24 389-ds-base-1.3.10 -> 389-ds-base-1.3.10

Metadata Update from @mreynolds:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

8 months ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/3888

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: fixed)

12 days ago

Login to comment on this ticket.

Metadata